MARCH  31,  2008 

VOL.  42,  NO.  14  S5/C0PY 


News  Analysis 

A  Web-based  grid  is 
helping  medical  re¬ 
searchers  use  human 
genome  advances 
to  improve  cancer 
treatments,  page  12 


The  economy  may  be 
tanking.  But  a  flood  of 
H-1B  applications  is 
on  the  way.  page  16 


THE  GRILL:  Former 
White  House  security 
czar  Howard  Schmidt 
talks  about  whether 
the  U.S.  can  really 
stand  up  to  foreign 
cyberattacks,  page  19 


Opinions 

Five  problems 
that  keep  IT  from 
speeding  up  its 
processes,  page  21 


mmgmm 


You,  too,  can  beat 
Internet  sabotage  - 
like  Martha  Stewart’s 
IT  shop  did.  page  44 


Don’t  Miss . . . 

ON  THE  MARK:  The 
promise  of  fail-over 
protection  for  virtual 
servers,  page  18 


CAREER  WATCH:  Cisco  plans  a  new  certification 
for  the  ‘top  chefs’  of  network  design.  PAGE  40 


SPECIAL  REPORT 


Companies  hit  hard 
by  9/11  and  Katrina  have 
recovered,  but  are  they 
ready  for  what’s  next? 

PAGE  22 


U.  m.CT 


§ 


m 


h  ■ 


n  $  i 


;  - 


m 


?h 


m 


■  f 


- 


' 


m 


1  * 


W 


ALTERNATIVE  THINKING  ABOUT  SERVICE  MANAGEMENT 


m 


Alternative  thinking  is  repositioning  IT  from  the  server  closet 
to  the  front  lines,  embracing  its  impact  on  the  business 
(not  just  in  a  Power  Point®  deck,  but  actually  doing  it). 

It's  rewiring  the  rules  of  engagement  to  identify  problems, 
prioritize  solutions  and  automate  change  (before  things 
become  business  critical). 

It's  partnering  with  HP,  a  pioneering  force  behind  ITIL,  to  leverage 
the  experience  of  certified  consultants  and  utilize  the  ingenuity 
engrained  in  the  DNA  of  our  software. 

business  metrics  under  the  microscope  every  day, 
nanosecond — enhancing  insight  and 
(from  a  financial  perspective,  for  a  change). 


WMmtM 


mm 


y  for  better  business  outcomes 


■  NEWS  DIGEST 

6  Microsoft  knew  about  flaws  in  its  Jet  Data¬ 
base  Engine  as  far  back  as  2005  but  thought  users 
were  safe  from  attack.  |  DARPA  is  giving  Sun 
$44.3  million  for  research  into  using  optical 
technologies  to  connect  processors  in  systems. 

8  Waste  Management  is  suing  SAP  to  recover 
more  than  $100  million  in  costs  from  a  failed 
ERP  project.  |  A  former  programmer  was 

sentenced  to  42  months  in  prison  for  stealing 
a  hard  drive  with  bank  records  and  using  fake 
debit  cards  to  withdraw  money  from  accounts. 

10  IT  managers  should  be  skeptical  of  the 
benefits  promised  by  champions  of  hosted  soft¬ 
ware,  warned  a  panel  of  execs  at  Computerworld's 
SaaSCon  conference. 

■  NEWS  ANALYSIS 

12  Genome  Discovery  Forces  Massive  IT 
Upgrade.  The  deciphering  of  the  human  genome 
created  an  explosion  of  data,  prompting  the 
National  Cancer  Institute  to  develop  a  grid-based 
system  for  sharing  information  among  researchers. 

16  Recession  Unlikely 
to  Curb  H-1B  Demand. 

Even  with  the  economy 
tanking,  companies  are 
expected  to  file  a  record 
number  of  applications  for 
H-1B  visas  this  week. 

■  OPINIONS  AND  FEATURES 

4  Editor’s  Note:  Don  Tennant  wishes  that 
people  would  deal  with  the  world  as  it  as  and  not  as 
they  wish  it  to  be  when  they  confront  problems  like 
retraining  the  IT  workforce. 

18  On  the  Mark:  Mark  Hall  reports  on  a  tool 
that  promises  fail-over  protection  for  virtual  servers. 

19  The  Grill:  Howard  Schmidt,  a  former 
White  House  security  adviser,  talks  about  mobile 
vulnerabilities,  background  checks  for  IT  workers 
and  fishing. 

21  Bruce  A.  Stewart  says  IT  can’t  just  decide 
to  speed  things  up.  It  must  first  address  five  core 
problems. 

40  Career  Watch:  Dealing  with  difficult  people 
at  work;  and  what’s  happening  with  certifications. 

42  Shark  Tank:  If  you  can’t  take  the  chill,  stay 
out  of  the  server  room. 

44  Frankly  Speaking:  Frank  Hayes  says 
every  company  can  learn  a  lesson  from  what  didn't 
happen  to  Martha  Stewart’s  publishing  company 
when  ConEd  hijacked  its  Internet  connection. 

■  ALSO  IN  THIS  ISSUE 

Online  Chatter  5 

Company  Index  42 


BREAKING  NEWS  AT  COMPUTERWORLD.COM 


COMPUTERWORLD  MARCH  31,  2008 
SPOTLIGHT  I  STORAGE 


Events  like  9/11  and  Hur- 
£■£■  ricane  Katrina  have  brought 
disaster  to  IT’s  doorstep.  But  many 
companies  are  still  applying  old 
strategies  to  new  disaster  scenarios. 


LU 

X. 

D 

O 

5 

< 


cc 

LU 

> 

o 

o 


Disaster 

Survivors 

These  six  organizations  endured  enor¬ 
mous  disasters.  What  their  IT  teams 
learned  about  emergency  prepared¬ 
ness  came  at  a  high  price,  yet  those 
lessons  have  made  them  better  pre¬ 
pared  for  what  might  happen  next. 


STulane  University.  Following 
Katrina,  the  university  made  paying 
its  people  a  top  priority.  Paychecks  were  sent 
just  a  few  days  late.  And  now  its  payroll  system 
is  safer  than  ever. 

Estes  Express  Lines.  Hurricane 
Gaston  soaked  the  trucking  company’s 
systems  in  four  feet  of  water.  Now  Estes 
mirrors  its  data  in  sunny,  dry  Arizona. 


Hancock  Bank.  Its  headquarters 
a  complete  loss  after  Hurricane  Ka¬ 
trina,  the  bank  started  from  scratch  by  building 
a  rugged  data  center  farther  inland. 

2F.A.  Richard  &  Associates  Inc. 

Katrina  wreaked  havoc  with  telecom¬ 
munications  system  throughout  the  Gulf  Coast 
region,  so  this  insurance  firm  took  charge  of  its 
phone  systems  and  now  reroutes  calls  made  to 
its  toll-free  numbers  on  its  own. 


3  Marriott  International.  Pin-to-pin 
communication  and  texting  proved 
the  most  reliable  ways  to  stay  in  touch  during 
Katrina.  So  when  Rita  hit,  the  hotel’s  employ¬ 
ees  had  already  been  briefed  and  were  ready. 


3  Hard  Rock  Hotel  &  Casino. 

Damage  to  cell  phone  towers  left 
people  disconnected  after  Katrina.  The  casino’s 
disaster  plans  now  specify  places  for  employ¬ 
ees  to  gather  and  figure  out  the  next  steps. 


ONLINE 

■  Read  the  best  of  Computer- 
world’s  coverage  of  IT’s  responses 
to  Sept.  11  and  Hurricane  Katrina. 

■ 

Slogged  through  a  water-soaked 
office  or  a  hurricane-ravaged  data 
center?  Tell  us  your  story.  Go  to 
http://bjogs.computerworld.com/ 
surviving.the_big.one. 


•  ••&•••••••••••••••••••• 

Get  the  Word  Out.  Your  disaster 
recovery  plan  is  worthless  if  your 
people  aren’t  clued  in  to  it.  Here  are  some  sure¬ 
fire  ways  to  make  everyone  listen.  Plus,  do’s 
and  don’ts  for  disaster  recovery  test  drills. 

Emergency 

Situation.  New  emergency  com¬ 
munication  systems  rely  heavily  on  the  Inter¬ 
net.  But  they  could  be  derailed  by  an  online 
attack,  warns  columnist  Mark  Hall. 


■  ■ 


-  •  • 


B|£I  IQ 

r:  ■•  "I.--  “1  '  - 


sjs*j*w*s 


COMPUTERWOSLB.COM 


Online 

FIND  THESE  STORIES  AT  COMPUTERWORLD.COM/MORE 


Hello, 

Gorgeous! 

Meet  the 
Laptop  You’ll 
Use  in  2015 


We’ll  still  carry  laptop  computers  with  us  seven  years 
from  now,  but  they  might  look  significantly  different.  We 
talked  to  several  leading  hardware  designers  to  see  what 
they’re  up  to.  The  innovations  and  capabilities  they’re 
planning  for  laptops  will  surprise  and  delight  you. 

Going,  Going,  Gone? 

WINDOWS  XP:  You  might  be  able  to  run  XP  for  as  long  as  you 
want.  But  soon,  you  may  not  be  able  to  buy  a  legitimate  copy  of 
it.  What  problems  will  you  face  if  you  want  to  continue  using  the 
operating  system? 


l  \ 


Making  Leopard 
Servers  Simple 

HANDS-ON:  Here’s  an  in-depth  look  at  Mac 
OS  X  Server’s  new  simplified  setup  and 
management  interface  -  the  ways  it  works 
well,  and  where  it’s  not  as  effective. 


How  to  Dump  Vista  SP1 

FAQ:  If  you’ve  upgraded  your  copy  of  Windows  Vista  using 
Service  Pack  1  and  want  to  undo  what  you  did,  here’s  how. 


Blog  Spotlight 

Microsoft  Misleads 

Microsoft  has  launched  a  “Get  Green,  Stay  Green” 
marketing  program  that  couldn’t  be  further  from 
the  truth,  blogs  Preston  Gralla. 

A  Reprieve  for  XP? 

The  approaching  forced  retirement  of  Windows 
XP  is  a  hot  topic.  But  developments  in  ultramobile 
computing  make  David  DeJean  wonder  if  Microsoft  is 
really  going  to  be  able  to  kill  off  Vista’s  predecessor. 

Gartner’s  iPhone  Flip-flop 

I  Gartner  reverses  its  earlier  position  that  enterprises 
■■Sail  should  stay  away  from  the  iPhone.  Seth  Weintraub 
examines  the  research  firm’s  change  of  heart. 


Tales  From  the  Crypt: 

Our  First  Computers 

Computerworld  editors  share  stories  of 
their  first  PCs,  including  some  classics  p  ~~ 
and  some  real  clunkers.  Then  we  turn  the  — 

tables  and  ask  readers  for  their  early-PC  tales. 

A  New  Type  of 
Bluetooth  Security 

OPINION:  Security  capabilities  built  into  Bluetooth  are  good  but 
not  great.  Columnist  Craig  Mathias  suggests  a  new  way  to  use 
Bluetooth  to  significantly  improve  mobile  security. 

High-Tech 
Under  the  Hood 

The  New  York  International 
Auto  Show:  Car  or  toy?  Some¬ 
times  it’s  hard  to  tell  -  but  these 
sure  are  some  sweet  rides. 

SHAM3AI 


I  BETA 


Workplace  Rampage  7  1 

Some  diehards  wish  computers  had  never  made  their 
way  into  the  office.  And  when  PCs  don’t  work  the  way 
users  think  they  should,  tempers  can  flare  -  much  to 
the  amusement  of  bystanders.  http://sfiarkhait 
computerworld.com/?q=n0de/23Gl 7 ’  :■ 


ONLINE  DEPARTMENTS 

Breaking  News 

computerworid.com/news 

Newsletter  Subscriptions 

computerworld.com/newsletters 

Knowledge  Centers 

computerworld.com/topics 

m  EDITOR’S  MOTE 

^  TP 

it. 


J®*. 


nnant 


The  Real  Reality 


THERE  WAS  an  interesting  column  by  Lionel  Beeh- 
ner  in  USA  Today  last  week  about  a  trend  he  calls 
“what-if  thought  experimentation.”  Beehner  ob¬ 
serves  that  there  has  been  a  surge  of  interest  lately 
in  imagining  the  world  in  different  intriguing  scenarios,  such 
as  a  world  in  which  humans  no  longer  exist,  or  one  in  which 


9/11  never  happened.  What 
would  such  a  world  be  like? 

It  reminded  me  of  one 
of  my  favorite  books  as  a 
kid  —  MacKinlay  Kantor’s 
If  the  South  Had  Won  the 
Civil  War.  When  I  Googled 
the  title  to  see  if  it  was  still 
in  print,  I  found  myself 
clicking  through  to  the 
discovery  that  “alternate 
history”  is  a  tremendously 
popular  area  of  interest. 

I  had  no  idea.  But  I’m  not 
surprised. 

The  reason  why  is  sim¬ 
ply  that  I  encounter  so 
many  people  who  are  so 
dissatisfied  with  the  world 
as  it  is  that  they  tend  to 
center  their  thinking  in  an 
alternate  reality.  I  see  it  all 
the  time,  and  some  of  the 
feedback  I  received  on  last 
week’s  column,  “Retrain¬ 
ing  Dilemma,”  is  a  great 
case  in  point. 

In  that  column,  I  raised 
the  issue  of  the  expedi¬ 
ent  approach  taken  by 
many  employers  to  replace 
rather  than  retrain  their 
employees  in  order  to  meet 
changing  skills  require¬ 
ments.  I  cited  the  case  of 
Novell  CEO  Ron  Hovsepi- 
an,  who  told  me  that  in  the 


past  year,  he  has  replaced 
24%  of  his  workforce  in 
order  to  meet  the  immedi¬ 
ate  demand  he  has  had  for 
new  skills. 

While  training  is 
important,  Hovsepian 
explained,  it  has  to  be  bal¬ 
anced  against  the  financial 
demands  confronting 
Novell.  “The  cycle  time  is 
the  biggest  issue,”  he  said. 
“The  brutality  of  the  pres¬ 
sure  the  company  has  to 
operate  under  in  90  days  is 
what  drives  us.” 

I  was  taken  to  task  by 
one  reader  for  letting  Hov¬ 
sepian  get  away  with  that 
comment. 

“I  am  greatly  disappoint¬ 
ed  that  you  report  with¬ 
out  any  critical  analysis 
what  the  employers  wish 
to  propagate,”  he  wrote. 
“What  utter  BS!  It  takes 
them  more  than  90  days 
just  to  make  a  decision! 

II  We  can’t  allow 
our  thinking  to 
he  clouded  oy 
confusing  reality 
with  its  preferable 
alternative. 


It’s  nothing  to  do  with  the 
‘pressure’  in  the  market¬ 
place,  but  everything  to  do 
with  hiring  the  cheapest 
H-1B  peasant  programmer 
at  the  lowest  price.” 

Let  me  be  clear:  The 
fact  that  I  didn’t  fault  Hov¬ 
sepian  doesn’t  mean  I’m 
blind  to  the  negative  con¬ 
sequences  of  a  company 
opting  to  replace  rather 
than  retrain  its  employees. 
As  I  noted  last  week,  until 
we’re  able  to  figure  this 
out,  “too  many  companies 
will  be  forced  to  sacrifice 
invaluable  institutional 
knowledge  for  the  immedi¬ 
ate  cost  savings  that  eco¬ 
nomic  reality  demands.” 

And  therein  lies  the 
problem.  Whether  we  like 
it  or  not,  the  economic 
reality  is  that  public  com¬ 
panies  like  Novell  are 
answerable  to  sharehold¬ 
ers.  That  90-day  cycle 
that  shareholders  live  and 
breathe  in  is  real.  We  can 
all  wonder  what  it  would 
be  like  to  live  in  a  world  in 
which  shareholders  didn’t 
exist.  But  we  can’t  allow 
our  thinking  to  be  clouded 
by  confusing  reality  with 
its  preferable  alternative. 


Offering  some  insight 
into  what  we  might  be 
overlooking  in  dealing 
with  the  realities  that 
confront  us  —  not  deny¬ 
ing  what’s  real  —  is  what 
advances  the  discussion. 
Other  readers  did  just  that. 

“Retraining  is  a  di¬ 
rect  cost  that  is  easy  to 
measure,  and  painful  to 
look  at.  Recruiting,  hir¬ 
ing,  orienting  and  tasking 
new  hires  involve  ‘hidden’ 
costs  that  are  less  obvi¬ 
ous,”  one  reader  wrote. 

“If  [companies]  seek  only 
interchangeable  workers 
for  isolated  work,  they  are 
forgoing  the  benefits  of 
organizational  knowledge, 
informal  work  teams  (how 
work  really  gets  done  in 
an  organization;  not  how 
the  org  chart  says  it  gets 
done)  and  the  chance  to 
build  loyalty  in  those  who 
can  advance  the  company 
through  innovation.” 

And  what  about  em¬ 
ployers  demonstrating 
loyalty  to  their  employees? 
The  same  reader  asked 
a  poignant  question: 

“Why  would  I  think  you 
will  take  care  of  me  as  a 
customer  if  you  can’t  be 
trusted  to  take  care  of 
your  employees?” 

It’s  a  fair  question,  and 
one  I  wish  I’d  asked.  There’s 
no  alternate-reality  dimen¬ 
sion  to  that  one.  ■ 

Don  Tennant  is  editorial 
director  of  Computerworld 
and  InfoWorld.  Contact 
him  at  don_tennant@ 
computerworld.com,  and 
visit  his  blog  at  http:// 
blogs.computerworld. 
com/tennant. 


4  COMPUTERWORLD  MARCH  31, 2008 


■  ONLINE  CHATTER 


RESPONSES  TO: 

Why  the  iPhone  Will 
Change  the  (PC) 
World,  Part  2 

March  14, 2008 

There  are  ergonomic  considerations 
that  may  slow  the  adoption  of  some 
of  these  technologies.  Virtual  key¬ 
boards  like  on  the  iPhone  are  fine 
for  typing  on  the  go.  I  think  most 
folks  will  prefer  a  physical  keyboard 
for  office  work  and  typing  long 
documents,  because  of  the  tactile 
feedback.  Also,  ergonomically  it’s 
best  to  have  a  monitor  at  eye  level, 
but  it’s  tiring  to  hold  your  arms  out 
to  control  an  eye-level  touch  screen. 
Put  it  flat  (or  low)  on  the  table,  and 
it’s  easier  on  your  arms,  but  you’re 
constantly  looking  down,  which  can 
be  hard  on  your  neck. 

■  Submitted  by:  James 

One  technique  used  to  improve 
tactile  feedback  is  to  briefly  enter 
vibration  mode  on  a  key  event. 

■  Submitted  by:  Mick 

RESPONSE  TO: 

Despite  Concerns, 
Corporate  Users 
Adopting  Hosted 
Systems 

March  21, 2008 

The  2008  economy  will  provide 
an  interesting  test  for  SaaS-based 
applications.  The  challenge  to  im¬ 
prove  productivity  and  reduce  costs 
will  increase  interest  in  SaaS  at  a 
time  of  reduced  capital  expendi¬ 
tures,  growing  internal  competition 
for  scarce  IT  resources  and  increas¬ 
ing  need  for  fast  time  to  value  for 
business  application  investments. 
Meanwhile,  SaaS  is  also  spreading 
into  different  types  of  applications, 
beyond  CRM  to  areas  like  talent 
management,  corporate  perfor¬ 
mance  management  and  Web  ana¬ 
lytics.  And  as  more  SaaS  vendors 
secure  SAS  70  Type  II  certification 
for  their  data  centers,  concerns 
around  data  security  will  diminish. 


Perhaps  the  biggest  challenge  facing 
SaaS  vendors  and  customers  will 
be  the  need  to  validate  the  value 
proposition  of  these  solutions.  Hard 
metrics  will  be  required  to  convince 
skeptics  that  interest  in  SaaS  appli¬ 
cations  will  not  fade  away  as  did  the 
computer  timesharing  business  in 
the  early  1980s. 

■  Submitted  by:  Gary  Damiano 

RESPONSE  TO: 

State  Department 
Workers  Ignored 
Passport  Data-Access 
Warnings 

March  21, 2008 

The  fact  that  we  know  which  ac¬ 
count  was  used  to  access  the  records 
is  a  major  leap  forward.  Now  we 
have  to  figure  out  what  to  do  with 
the  high  volume  of  such  informa¬ 
tion  being  generated.  We  are  on  the 
verge  of  being  able  to  know  who  has 
looked  at  our  records.  Imagine  the 
implications  for  the  Freedom  of  In¬ 
formation  Act  when  people  can  ask 
for  an  accounting  of  everyone  that 
has  viewed  their  “private  records.” 

■  Submitted  by:  Joe  Johnson 

RESPONSE  TO: 

U.S.  Sets  Rules 
To  Keep  H-1B  Visa 
Lottery  Fair 

March  20, 2008 

What  we  critically  need  right  now 
is  some  way  to  make  sure  that  the 
people  we  bring  in  on  H-1B  really 
are  the  “best  and  brightest,”  not 
ordinary  workers  brought  in  to 
grab  work  away  from  our  ordinary 
workers.  And  we  need  to  make  sure 
that  the  L-ls  who  come  in  really  are 
managerial  or  expert  transfers,  not 
ordinary  workers  brought  in  to  staff 
a  bench  that  will  then  be  used  to  bid 
against  U.S.  workers  for  jobs. 

■  Submitted  by:  Anonymous 

JOIN  THE  CHATTER!  You,  too,  can 
comment  directly  on  our  stories, 

at  computerworld.com. 


COMPUTERWORLD 

P.O.  Box  9171, 1  Speen  Street 
Framingham,  MA  01701 
(508)  879-0700 

Computerworld.com 

■  EDITORIAL 

Editorial  Director  Don  Tennant 
Editor  in  Chief  Scot  Finnie 
Executive  Editors  Mitch  Betts, 

Julia  King  (events) 

Managing  Editors  Michele  Lee  DeFilippo 
(production),  Sharon  Machlis  (online), 

Ken  Mingis  (news) 

Design  Director  Stephanie  Faucher 
Features  Editors  Kathleen  Melymuka, 

Valerie  Potter,  Ellen  Fanning  (special  reports), 
Barbara  Krasnoff  (reviews) 

Senior  Editor  Johanna  Ambrosio  (channels) 
Senior  News  Editor  Craig  Stedman 
News  Editors  Mike  Bucken,  Marian  Prokop 
National  Correspondents  Gary  Anthes, 
Thomas  Hoffman,  Julia  King,  Robert  L.  Mitchell 
Reporters  Brian  Fonseca,  Sharon  Gaudin, 

Matt  Hamblen,  Heather  Havenstein,  Gregg  Keizer, 
Eric  Lai,  Linda  Rosencrance,  Patrick  Thibodeau, 
Jaikumar  Vijayan,  Todd  R.  Weiss 
E-mail  Newsletters  Editor  David  Ramel 
Channel  Editors  Johanna  Ambrosio 
(servers  and  data  centers),  Angela  Gunn 
(security),  Lucas  Mearian  (storage), 

David  Ramel  (networking  and  Internet) 
Assistant  Managing  Editor  Bob  Rawson 
(production) 

Blogs  and  Projects  Editor  Joyce  Carpenter 
Editor  at  Large  Mark  Hall 
Senior  News  Columnist  Frank  Hayes 
Art  Director  April  O’Connor 
Associate  Art  Director  Owen  Edwards 
Research  Manager  Mari  Keefe 
Senior  Copy  Editors  Eugene  Demaitre, 

Monica  Sambataro 
Copy  Editor  Donna  Sussman 
Associate  Editor,  Community  Ken  Gagnb 
Office  Manager  Linda  Gorgone 
Contributing  Editors  Jamie  Eckle, 

Preston  Gralla,  David  Haskin 

■  CONTACTS 

Phone  numbers,  e-mail  addresses  and 
reporters’  beats  are  available  online  at 
Computerworld.com  (see  Contacts  link 
at  the  bottom  of  the  home  page). 

Letters  to  the  Editor  Send  to  letters® 
computerworld.com.  Include  an  address  and 
phone  number  for  immediate  verification. 

Letters  will  be  edited  for  brevity  and  clarity. 

24-hour  news  tip  hot  line  (508)  620-7716 
Subscriptions  and  back  issues  (888)  559- 

7327,  cw@omeda.com 
Reprints/permissions  The  YGS  Group 

(800)  290-5460,  ext.  150,  computerworld® 
theygsgroup.com 


MARCH  31,  2008  COMPUTERWORLD  5 


THE  WEEK  AHEAD 

MONDAY:  The  Women  Who  Tech  “telesummit”  is  scheduled 
to  be  held  via  a  conference  call  and  webinar. 

TUESDAY:  The  U.S.  government  begins  accepting  H-1B  visa 
applications  for  its  2009  fiscal  year  (see  story,  page  16). 

TUESDAY:  The  CTIA  Wireless  2008  and  Data  Center  World 
Spring  2008  conferences  open,  both  in  Las  Vegas. 

FRIDAY:  BEA  Systems  plans  to  hold  a  stockholder  meeting 
on  Oracle’s  proposed  acquisition  of  the  software  vendor. 


SECURITY 


Microsoft 
Finally  Sounds 
Jet  Bug  Alarm 

A  SECURITY  MANAGER  acknowledged  last 
week  that  Microsoft  Corp.  knew  of  bugs  in 
its  Jet  Database  Engine  as  far  back  as  2005 
but  left  them  unpatched  because  the  com¬ 
pany  thought  that  the  obvious  attack  vectors 
were  blocked. 

Mike  Reavey,  operations  manager  at  the 
Microsoft  Security  Response  Center,  admit¬ 
ted  in  a  blog  post  that  outside  researchers 
had  notified  Microsoft  in  2005  and  2007  of 
multiple  bugs  in  the  engine. 

Jet  is  a  Windows  component  that  provides 
data  access  to  widely  used  Microsoft  prod¬ 
ucts  such  as  the  Access  database  and  Visual 
Basic  development  tools.  The  vulnerabilities 
allow  hackers  to  access  computers  using 
Windows  2000,  Windows  XP  or  Windows 
Server  2003  SP1  through  Microsoft  Word. 

A  Microsoft  spokesman  said  that  the  com¬ 


pany  is  working  on  a  patch,  though  he  didn’t 
disclose  release  plans.  But  he  did  say  that 
the  update  may  become  available  before 
Microsoft’s  next  regularly  scheduled  patch 
release  on  April  8. 

In  both  2005  and  2007,  Microsoft  told  the 
researchers  that  it  would  not  fix  the  flaw 
because  it  believed  features  in  its  Outlook 
software  and  Exchange  servers  would  auto¬ 
matically  blunt  attacks,  Reavey  said. 

Earlier  this  month,  however,  researchers 
at  Symantec  Corp.  reported  that  hackers 
were  starting  to  exploit  the  Outlook  feature 
to  launch  successful  attacks. 

“Everything  changed  with  the  discovery 
of  this  new  attack  vector,”  Reavey  said. 
“That’s  why  we  alerted  customers  and  are 
reinvestigating  Jet  parsing  flaws.” 

Oliver  Friedrichs,  a  director  in  Syman¬ 
tec’s  security  response  unit,  said  Microsoft 
should  have  patched  the  vulnerability  long 
ago.  “I  can’t  count  the  number  of  times 
we’ve  seen  this  in  the  past  with  a  Microsoft 
product,”  he  said.  “Clearly,  there  should 
have  been  more  concern  from  Microsoft  in 
the  first  place.  It  does  draw  some  concern.” 

Reavey  said  that  the  Microsoft  security 
team  is  still  working  to  determine  exactly 
how  to  patch  the  bug.  Options  include  re¬ 
placing  the  version  of  Jet  in  Windows  2000, 
XP  and  Server  2003  SP1  with  a  newer  Vista 
and  Windows  Server  2003  SP2  version. 

Reavey  acknowledged  that  a  patch  would 
not  completely  eliminate  the  bugs.  “Jet  data¬ 
base  files  will  remain  on  the  ‘unsafe  file  type’ 
list  because  they  can  run  code  by  design,” 
he  said.  “Even  if  we  tried  to,  we  could  not 
secure  this  file  format;  it  will  always  present 
attackers  an  opportunity  to  run  code.” 

In  the  meantime,  both  Microsoft  and 
Symantec  last  week  advised  users  to  either 
disable  the  vulnerable  files  or  disable  the  Jet 
Database  Engine. 

—  Gregg  Keizer 


DARPA  Taps 
Sun  to  Bund 
‘Macrochips’ 

Sun  Microsystems  Inc. 
last  week  said  the  Defense 
Advanced  Research  Proj¬ 
ects  Agency  is  giving  it  up 
to  $44.3  million  to  fund 
research  on  using  optical 
technology  to  speed  up 
communication  between 
processors  in  supercomput¬ 
ers  and  other  systems. 

The  project  is  aimed  at 
developing  what  Sun  de¬ 
scribed  as  “virtual  macro- 
chips”  -  arrays  of  low-cost 
processors  connected  via 
silicon-based  optics. 

The  idea  of  using  optical 
connections  between  proc¬ 
essors  isn’t  new.  But  Ron 
Ho,  a  distinguished  engineer 
at  Sun  who  is  part  of  the 
macrochip  project  team, 
said  a  key  issue  will  be  re¬ 
ducing  the  amount  of  energy 
that  optical  chips  consume. 

“You  can’t  exploit  the 
power  of  optics  without 
bringing  the  power  [usage] 
way  down,”  Ho  said.  “That’s 
the  risk  DARPA  is  trying  to 
address  with  this  program.” 

-PATRICK  THIBODEAU 


I  think  two  or 
three  years  would 


up  in  a  product. 

NATHAN  BR0CKW00D, 

ANALYST.  INSIGHT  64 


6  C0MPUTERW0RLD  MARCH  31,  2008 


H.  tq  ov 


'Gtffenily,  our  network  writ, keep  uf  uatk  fkjfdwM 
e/ectfonic  detank,  which  revenue  and 
fmi ’cfivity  is...  if  You'd  a//  like  to  follow  me  d^n  a 
•floor,  IU  rorrfmei' 


B8§ 


»  Business  demands  bringing  you  down?  Then  trust  the  Juniper  Networks  portfolio  of 
network  infrastructure  solutions  to  keep  you  ahead  of  constantly  evolving  business 
requirements.  Juniper  delivers  more  choice  and  control  from  your  network,  while  our 
streamlined  JUNOS™  software  minimizes  downtime  and  reduces  complexity,  network 
management  expenses  and  operating  costs. 

Increase  the  value  of  your  network  by  bringing  innovation  to  market  faster.  That’s  a 
clear  competitive  edge.  The  switch  is  on  to  high-performance  network  infrastructure: 

www.juniper.net/connected 


Juniper 

,qUt 

Net- 


1.888. JUNIPER 


■  NEWS  DIGEST 


SOFTWARE 

Trash  Company  Sues  SAP 
After  Dumping  ERP  Apps 


WASTE  Manage¬ 
ment  Inc.  is  suing 
SAP  AG,  claim¬ 
ing  that  a  fraudulent  sales 
scheme  by  the  software 
vendor  led  to  a  failed  ERP 
project  at  the  trash  dispos¬ 
al  company. 

Houston-based  Waste 
Management  said  in  a 
statement  that  the  com¬ 
pany  is  seeking  to  recover 
more  than  $100  million  in 
project  costs,  and  that  it 
also  wants  to  gain  “the  sav¬ 
ings  and  benefits  that  the 
SAP  software  was  prom¬ 
ised  to  deliver.” 

A  spokeswoman  for 
Waste  Management  said 
the  company  wouldn’t 
comment  beyond  its  state¬ 
ment  about  the  lawsuit, 
which  was  filed  March  20 
in  a  Texas  county  court. 

But  she  noted  that  Waste 
Management  will  continue 
using  the  proprietary  sys¬ 
tem  that  SAP’s  applications 
were  supposed  to  replace. 

Meanwhile,  an  SAP 
spokesman  said  that  the 
vendor  doesn’t  comment 
about  ongoing  litigation. 


From  the  begin¬ 
ning,  SAP  assured 
Waste  Management 
that  its  software  was  an 
‘out-of-the-box’  solution. 
Unfortunately,  Waste 
Management  ultimately 
learned  that  these  repre¬ 
sentations  were  not  true. 

“  FROM  A  STATEMENT 
ISSUED  LAST  WEEK  B¥ 
WASTE  MANAGEMENT  INC. 


The  legal  action  stems 
from  a  software  purchase 
contract  signed  in  October 
2005.  Waste  Management, 
which  was  looking  to  in¬ 
stall  a  new  revenue  man¬ 
agement  system,  said  that 
SAP  described  the  Waste 
and  Recycling  version  of 
its  ERP  applications  as  “a 
tested,  working  solution.” 

According  to  Waste 
Management,  SAP  said  the 
software  could  be  imple¬ 
mented  throughout  its 
operations  in  18  months, 
without  customization  or 


enhancements.  But,  the 
trash  hauler  contended, 
SAP’s  product  demonstra¬ 
tions  were  based  on  “fake 
software  environments, 
even  though  these  demon¬ 
strations  were  represented 
to  be  the  actual  software.” 

Waste  Management’s 
suit  claims  that  “almost 
immediately”  after  the 
contract  was  signed,  an 
implementation  team 
from  SAP  “discovered  sig¬ 
nificant  ‘gaps’  between  the 
software’s  functionality 
and  Waste  Management’s 
business  requirements.” 

The  court  filing  says 
that  a  pilot  rollout  in  New 
Mexico  that  SAP  originally 
promised  would  be  up  and 
running  by  December  2006 
“is  not  even  close  to  being 
completed  today.”  Accord¬ 
ing  to  the  suit,  last  summer 
SAP  told  Waste  Manage¬ 
ment  that  the  company 
would  have  to  “start  over” 
and  agree  to  let  SAP  build  a 
new  version  of  the  software. 

Waste  Management  said 
that  it  and  SAP  recently 
scheduled  a  three-day 
mediation  process.  But, 
the  company  added,  SAP 
ended  the  meetings  after 
the  second  day. 

—  Chris  Kanaracus, 
IDG  News  Service 


Short 

Takes 

The  U.S.  Federal  Trade 
Commission  settled  data 
breach  complaints  against 
retailer  TJX  Companies 

and  data  broker  Reed 
Elsevier  PIC.  The  settle¬ 
ment  requires  that  both 
firms  create  comprehen¬ 
sive  information  security 
programs  and  submit  to 
biennial  data  security  au¬ 
dits  for  the  next  20  years. 

Sun  Microsystems  Inc. 

confirmed  that  it  shipped 
some  Sparc  Enterprise 
T5120  and  T5220  sys¬ 
tems  with  flaws  that  could 
allow  remote  attackers  to 
hijack  the  machines.  The 
company  disclosed  few 
details  about  the  flaw  but 
issued  instructions  for  fix¬ 
ing  the  affected  systems. 

Oracle  Corp.  has  agreed 
to  acquire  a  set  of  Web 
application  testing  prod¬ 
ucts  from  Empirix  Inc.  for 
an  undisclosed  sum.  The 
Empirix  e-Test  suite  will 
be  part  of  Oracle’s  Enter¬ 
prise  Manager  product. 

Moziila  Corp.  has  con¬ 
firmed  that  the  release  of 
the  final  beta  of  Firefox 
3.0  is  imminent  and  that 
it  expects  to  deliver  the 
finished  open-source 
browser  in  June. 


SECURITY 

Programmer  Sentenced 
For  Stealing  Bank  Data 


A  FORMER  PROGRAMMER  at 
a  Birmingham,  Ala.,  bank  has 
been  sentenced  to  42  months  in 
prison  for  stealing  a  hard  drive 
containing  1  million  customer 
records  and  using  some  of  the 
data  to  commit  debit  card  fraud. 

A  federal  judge  also  ordered 
James  Kevin  Real  and  a  female 
accomplice  to  pay  back  nearly 


$33,000  that  they  withdrew 
last  year  from  accounts  at 
Compass  Bank  using  counter¬ 
feit  debit  cards. 

The  data  compromise  was 
one  of  the  largest  breaches  at  a 
U.S.  bank  to  come  to  light  thus 
far,  in  terms  of  the  number  of 
customer  records  that  were  po¬ 
tentially  exposed.  But  Compass 


spokesman  Ed  Bilek  said  last 
week  that  the  bank  notified  only 
the  250  or  so  customers  whose 
debit  cards  were  counterfeited 
by  Real  and  his  accomplice. 

According  to  court  docu¬ 
ments,  the  drive  Real  stole 
last  May  held  a  database  that 
included  the  names,  account 


numbers  and  online  passwords 
of  Compass  customers. 

But  Bilek  said  that  the  records 
were  stored  in  a  format  that 
wasn’t  “readily  usable”  for 
committing  fraud  or  accessing 
account  information.  He  didn’t 
clarify  what  he  meant  by  that. 

Alabama  is  one  of  11  states  that 
don’t  require  companies  to  au¬ 
tomatically  notify  affected  con¬ 
sumers  about  security  breaches 
involving  the  compromise  of 
unencrypted  personal  data. 

-  JAIKUMAR  VIJAYAN 


8  C0MPUTERW0RLD  MARCH  31,  2008 


NIW  THIS  WEEK 


SAtl  > 

f*£E  SHIPPING  FVFNTS 
NEWKUsMtS'  » 

HOT  PfiE-OKOEBS  » 


Osi*7  but  ©ITi'LKl'  CfcSTSiK  Groot  Deals  on  Discounted  items  Q 


TOP-RATED 

PRODUCTS 


ONLY  ON 
aEST8UV.COM 

Stee.nS’eS’s 


AHORAENTU 

PROPIO  IDiOMA 


ass-  'v*ar»t»n 


celebrating 


'•VeoWyAd  Stere  Locator  Outioi  Center  Gif'.  Center 

>C>H  &«SC*r.tt  Kr-&rf2«r**:  Cy*«£«W  Swv>.«  V<*>.  i»>  0«*»  itaua  M/Attttf I* 


10%  OFF 

SELECT  HDTVs 


Akamai,  Enabling  the  Revolution 


A  lot  can  happen  in  ten  years.  Especially  with 
Internet  technology  that's  revolutionizing  virtually 
every  facet  of  business.  New  sales  channels.  New 
applications  and  business  processes.  New 
opportunities — and  risks.  In  our  first  ten  years, 
Akamai  has  helped  the  world's  leading  businesses 
become  the  world's  leading  online  businesses. 

And  we're  just  getting  started. 

Learn  more  at  ww w. a ka ma i . cdm/i  Oye$fS  ' 


Best  Buy  has  been  ranked  number  one  for  >• 
handling  daily  Web  site  volume  during  the  holidays 
Having  added  mashups,  waiting  room  applications, 
and  customer-powered  content,  Best  Buy  has 
revolutionized  its  online  customer  experience  by  , 
integrating  interactive  and  rich  media,  and  ,A! 
providing  a  personalized  shopping  environment.  ;  . 


Akamai 


■  NEWS  DIGEST 


BETWEEN  THE  LINES 


By  John  Klossner 


l 

I 

I 

l 

t 

1. 


SaaS 

Hosted  Software  Is  Not 
A  Panacea,  CIOs  Warn 


SANTA  CLARA,  CALIF. 

HILE  MOSTLY 
agreeing  that  the 
software-as-a- 
service  model  can  cut  IT 
costs  and  ease  administration 
and  upgrades,  a  panel  of  CIOs 
at  Computer-world’s  SaaSCon 
conference  here  last  week 
also  warned  that  it’s  not 
beneficial  for  all  companies. 

For  example,  Jesus  Ar¬ 
riaga,  CIO  at  Bosley  Medical 
Group  Inc.  in  Beverly  Hills, 
Calif.,  said  that  companies 
using  a  lot  of  customized 
software  should  avoid  host¬ 
ed  software. 

“If  you  have  a  unique  situ¬ 
ation  that  requires  a  ton  of 
customization  or  modifica¬ 
tion,  then  you  definitely 
have  to  look  at  a  different 
model,”  he  remarked. 

Dean  Lane,  CIO  at  Henley- 
Putnam  University  in  San 
Jose,  advised  companies 
interested  in  the  SaaS  model 
to  closely  scrutinize  hosted 
products  and  the  vendors 
that  offer  them. 


* 
I 
* 
1 
I 
t 
1 
\ 
% 
t 

i 
I 
5! 

.  .  2 
about  their  security  policies,  ; 

data  center  locations,  back¬ 
up  and  recovery  capabili¬ 
ties,  and  plans  for  handling 
unexpected  outages. 

Joe  Lacik,  senior  vice 
president  of  information 
services  at  Aviall  Services 
Inc.,  a  Fort  Worth,  Texas- 
based  unit  of  The  Boeing 
Co.,  said  he’s  skeptical  of  the 
SaaS  model. 

“[Hosted  software] 
sounds  like  it’s  going  to 
mean  less  people  and  lower 
costs,”  he  said.  “I’m  not  con-  ; 
vinced.  It  just  shifts  work¬ 
load  and  increases  your  re¬ 
sponsibility.”  Moreover,  he 

£ 

added,  “the  idea  that  you’re 
going  to  make  a  change  in 
technology  [without]  an  up¬ 
front  cost  is  a  big  problem.” 

—  Brian  Fonseca 


Global . 
Dispatches 


IT  managers  must  calcu¬ 
late  the  long-term  costs  of 
hosted  software  and  deter¬ 
mine  whether  providers  can 
meet  their  needs,  he  said. 

In  particular,  they  should 
ask  hosted  software  vendors 


[Hosted  soft¬ 
ware]  sounds 
like  it's  going  to 
mean  less  people 
and  lower  costs,  Pm 
not  convinced,  it 
just  shifts  workload 
and  increases  your 
responsibility. 

JOE  LACIK,  SENIOR  VICE 
PRESIDENT.  AVIALL  SERVICES  INC. 


U.K.  Considers 
E-crime  Unit 

LONDON- The  U.K.  Home  Of¬ 
fice  last  week  confirmed  that 
it  is  “considering”  funding  a 
national  e-crime  unit  proposed 
by  the  country’s  Association  of 
Chief  Police  Officers. 

Earlier  this  month.  Home 
Office  Minister  Vernon  Coaker 
met  with  Charlie  McMurdie, 
head  of  Scotland  Yard’s  Com¬ 
puter  Crime  Unit,  and  other  law 
enforcment  officials  to  discuss 
the  proposal. 

The  police  chiefs  group  has 
proposed  that  the  Home  Office 
approve  £1.3  million  ($2.6  mil¬ 
lion  U.S.)  in  initial  funding  for 
the  e-crime  organization. 

A  Home  Office  spokesman 
said  that  the  agency  is  “con- 


After  being  pressured  by  in¬ 
vestor  Carl  Icahn  to  restruc¬ 
ture  itself,  Motorola  Inc. 

said  it  plans  to  spin  off  its 
unprofitable  mobile  device 
business  into  a  separate 
company  next  year. 

Washington  Gov.  Chris 
Gregosre  signed  a  bill  making 
it  a  felony  to  surreptitiously 


scan  RFID-based  driver’s 
licenses  and  ID  cards  to  en¬ 
gage  in  fraud,  identity  theft 
or  other  illegal  acts. 

THREE  YEARS  AGO: 

Hewlett-Packard  Co.’s 
board  chose  Mark  Hurd, 
then  the  CEO  of  NCR  Corp., 
to  replace  the  ousted  Carly 
Fiorina  as  HP’s  CEO. 


sidering  how  we  take  an  over¬ 
all  approach  to  issues  such  as 
electronic  fraud.” 

McMurdie  told  Computer- 
world  U.K.  that  the  meeting 
with  Coaker  was  “fairly  posi¬ 
tive”  and  that  she  expects  an 
answer  in  four  to  six  weeks. 
“He’s  asked  us  to  leave  it  with 
him  in  the  short  term,  to  see  if 
the  funding  is  available,”  said 
McMurdie. 

Leo  King, 

Computerworld  U.K. 

BT  Opens  IT 
Center  in  India 

GURGAON,  INDIA -BT  Group 
PLC  last  week  opened  a  global 
operations  center  here  to  run 
systems  and  processes  for 
BT’s  various  worldwide  busi¬ 
ness  lines.  About  300  people 
will  work  in  the  facility. 

The  center  will  also  support 
corporate  functions,  such  as 
procurement,  legal,  finance 


and  human  resources  opera¬ 
tions,  the  company  said. 

The  London-based  telecom¬ 
munications  company  has 
opened  similar  centers  in  Hun¬ 
gary,  Brazil  and  China. 

John  Ribeiro, 

IDG  News  Service 


BRIEFLY  NOTED 
Jeremy  Richard  Godfrey  has 
been  named  CIO  for  the  gov¬ 
ernment  of  Hong  Kong.  God¬ 
frey,  most  recently  a  partner 
at  PA  Consulting  Group  Ltd., 
previously  held  management 
posts  in  the  Hong  Kong  office 
of  Cable  &  Wireless  PLC  and 
at  Hongkong  Telecom.  He  will 
begin  his  new  job  on  April  7. 
Stefan  Hammond, 
Computerworld 
Hong  Kong 
Online 


10  COMPUTERWORLD  MARCH  31,  2008 


I 


What  does  it  take  to  provide  360°  communications 
in  a  24/7  business  world? 

Expectations  are  high  for  communication  systems  in  today’s  connected  world.  They  are  expected 
to  deliver  a  lower  cost  of  ownership  while  ensuring  that  people  are  available  and  have  the  tools 
necessary  to  collaborate.  NEC,  the  global  IT  and  networking  company,  delivers  mobility  and  unified 
communications  that  integrate  with  our  UNIVERGE®  IP  Telephony  platforms,  to  improve  business 
processes  and  customer  relationships  by  connecting  people  to  people  and  the  information  they 
need  anytime,  anywhere.  NEC,  Empowering  you  through  innovation. 

L-  www.necus.com/necip 


IT  SERVICES  AND  SOFTWARE  ENTERPRISE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS  IMAGING  AND  DISPLA' 


NEC  is  proud  to  have  the  No.  1  worldwide  ranking  in  enterprise  telephony  extension  line 
shipments  in  2006,  for  the  second  year  in  a  row,  according  to  Gartner.’ 

'Market  Share:  Enterprise  Telephony  Equipment  Worldwide,  2006:  Megan  Fernandez  &  Isabel 
Montero,  July,  2007  ©NEC  Corporation  2007.  NEC  and  the  NEC  logo  are  registered  trademarks 
of  NEC  Corporation.  Empowered  by  Innovation  is  a  trademark  of  NEC  Corporation. 


Empowered  by  Innovation 


Genome 

Discovery 

Forces 
Massive  IT 
Upgrade 

A  government-backed  grid 
project  is  making  cancer 
treatment  and  research 
data  more  widely  available. 

By  Heather  Havenstein 


■  GRID  COMPUTING 


IN  JUNE  2000,  U.S. 

President  Bill  Clin¬ 
ton  and  British 
Prime  Minister 
Tony  Blair  unveiled 
what  amounted  to  a 
“rough  draft”  of  the 
deciphered  human  genome, 
a  milestone  in  the  effort  to 
crack  the  complex  genetic 
code  that  shapes  human 
development. 

The  effort  to  map  the  hu¬ 
man  genome,  completed 
in  April  2003,  was  heavily 
dependent  on  advanced 
computing  techniques  for 
the  data-intensive  task  of 
mapping  the  sequence  of 
3  billion  base  gene  pairs. 

Ironically,  getting  that  ge¬ 
netic  data  into  the  hands  of 
biomedical  researchers  has 
created  another  major  com¬ 
puter  quandary:  the  need 
for  even  more  advanced  sys¬ 
tems  that  can  keep  up  with 
an  increasing  number  of 
disease  subcategories  being 
discovered  through  genetic 
research. 

The  National  Cancer 
Institute  took  on  the  task 
of  addressing  that  issue  in 
2003  by  launching  what  it 
calls  the  largest  IT  project 
in  the  history  of  biomedi¬ 
cal  research.  The  NCI  cre¬ 
ated  what  is,  in  essence,  a 
World  Wide  Web  of  cancer 
research. 

The  new  Cancer  Bio¬ 
medical  Informatics  Grid, 
or  caBIG,  promises  to  help 
researchers,  physicians  and 
patients  across  the  country 
better  share  more-detailed 
information  about  diseases 
and  thus  speed  the  devel¬ 
opment  of  new  drugs  and 
treatments  for  them. 

The  government-funded 
effort  costs  about  $20  mil¬ 
lion  per  year,  the  NCI  said. 

To  date,  42  of  the  NCI’s 
63  cancer  centers  are  either 
linked  to  the  caBIG  grid  or 
installing  the  infrastructure 
they  need  to  participate. 


More  than  40  applications 
have  already  been  devel¬ 
oped  and  are  being  shared 
across  the  grid. 

Traditionally,  cancer 
researchers  focused  on 
studying  a  relatively  small 
number  of  disease  catego¬ 
ries,  such  as  lung  cancer, 
breast  cancer  or  colon  can¬ 
cer.  But  as  the  genome  work 
expanded,  many  disease 
subtypes  were  discovered 
within  those  categories,  and 
each  may  require  a  different 
treatment. 

Cancer  researchers 
quickly  saw  the  need  to  as¬ 
semble  as  much  information 
as  possible  to  help  in  the  de¬ 
velopment  of  new  disease- 
specific  treatment  options. 
So  to  broaden  the  number 
of  data  sources,  the  NCI  has 
begun  expanding  the  grid 
to  include  the  community 
hospitals  and  physicians 
that  treat  80%  of  U.S.  cancer 
patients. 

INTEROPERABILITY 

Project  backers  said  that 
researchers  decided  early 
on  to  focus  on  improving 
interoperability  rather  than 
force  research  organiza¬ 
tions  to  standardize  on  ex¬ 
pensive  new  IT  systems  and 
software. 

Toward  that  end,  the  de¬ 
velopers  used  the  Globus 
Toolkit,  a  set  of  open-source 
tools  for  building  grid  sys¬ 
tems  and  applications  that 
run  on  top  of  Web  services 
that  are  open  to  anyone  with 
a  node  on  the  system.  The 
Globus  tools  are  distributed 
by  the  Globus  Alliance. 

Developers  also  created  a 
collection  of  tools  that  serve 
up  semantic  descriptions  of 
vocabulary  and  data  so  that 
both  humans  and  machines 
can  interpret  data  from 
dissimilar  systems.  And  a 
common  security  model 
was  built  to  allow  research 
Continued  on  page  14 


12  COMPUTERWORLD  MARCH  31,  2008 


Wm 


* WA'  M»w«[ w? 
wwMMlwiWiwI 


VrtV**.*  UTriViVi'iV 

MM 


One  example  is  the  Liebert  XD™  This  flexible,  modular  cooling  system  reduces 
cooling  energy  costs  by  30%  while  enabling  higher  rack  densities.  Download 
our  Energy  Logic  white  paper  to  discover  what  increased  efficiency  can  do  for 
your  business  at  energy.liebert.com 


Liebert  energy  efficiency 

Just  another  reason  why  Emerson  Networ 
in  enabling  Business-Critical  Continuity T 


Emerson,  Business-Critical  Continuity  and  l  iebert  are  trademarks  of  Emerson 


' 


jfptetpi 
"““‘SiSl 


wmuemsi 


In  your  data  center,  energy  costs  are  spinning  out  of  control. 
In  your  business,  demand  for  computing  is  doing  the  same. 


Spiraling  IT  energy  consumption  is  increasing  costs  and  limiting  your  ability 
to  add  new  technology.  Emerson  Network  Power  and  its  Liebert  power  and 
cooling  technologies  can  help  you  reverse  the  rise  in  energy  consumption 
and  remove  constraints  to  growth 


■  GRID  COMPUTING 


This  change  in  medi¬ 
cine  is  revolutionary. 
We  have  the  capacity  now  to 
look  and  see  how  an  individ¬ 
ual  might  respond  to  a  par¬ 
ticular  therapeutic  approach. 

DIRECTOR,  NATIONAL  CANCER 
INSTITUTE,  CENTER  FOR  BIOINFORMATICS 


Continued  from  page  12 
centers  to  run  caBIG  as  a 
distributed  infrastructure 
that  lets  each  participant 
create  individual  policies  to 
determine  who  can  author 
or  access  data. 

In  addition,  Ken  Beutow, 
director  of  the  NCI’s  Center 
for  Bioinformatics,  said  the 
institute  has  set  up  “work¬ 
spaces”  —  groups  of  people 
that  meet  regularly  to  dis¬ 
cuss  specific  domains  of 
work,  such  as  tissue  banks 
and  pathology  tools.  The 
workspace  groups  provided 
input  on  building  the  com¬ 
mon  vocabularies  and  data 
elements,  he  noted. 

Robert  Annechiarico, 
director  of  cancer  center 
information  systems  at 
Duke  University,  which  has 
already  helped  build  ap¬ 
plications  for  the  grid,  said 
that  creating  the  common 
data  elements  is  particularly 
important  for  academic  re¬ 
searchers.  “Academic  medi¬ 
cal  centers  are  a  community 
of  fiefdoms  bound  together 
by  a  common  parking  prob¬ 
lem,”  he  explained. 

Researchers  at  Duke  con¬ 
tributed  to  the  development 
of  two  caBIG  applications, 
the  Cancer  Central  Clinical 
Database  and  the  Cancer 
Central  Clinical  Participant 
Registry. 

The  latter  application,  a 
Web-based  tool  for  manag¬ 
ing  clinical  trial  data  across 
multiple  cancer  centers,  can 
provide  researchers  with 
access  to  records  about  pa¬ 
tients  diagnosed  with  one 
of  the  new  subcategories  of 
cancer. 

“Where  I  might  see  five 
patients  a  year  with  a  partic¬ 
ular  disease,  now  I  can  see 
50,”  Annechiarico  said. 

Duke  is  using  the  clinical 
database  in  a  $6.8  million 
research  project,  funded 
by  the  U.S.  Department  of 
Defense’s  Breast  Cancer 


14  C0MPUTERW0RLD  MARCH 


Research  Program,  to  study 
how  genomic  profiling  can 
be  used  to  guide  treatment 
plans  for  women  with  newly 
diagnosed  breast  cancer,  he 
added. 

In  addition  to  expanding 
the  data  sets  that  research¬ 
ers  can  access,  caBIG  could 
also  make  treatment  safer 
for  patients,  noted  Warren 
Kibbe,  director  of  bioinfor¬ 
matics  at  the  Robert  H.  Lu¬ 
rie  Comprehensive  Cancer 
Center  in  Evanston,  Ill. 

For  example,  he  said, 
development  of  a  caBIG 
clinical  trial  management 
application  would  allow  re¬ 
searchers  to  determine  the 
adverse  effects  of  a  single 
medication  used  in  multiple 
clinical  trials.  “That  is  one 
example  of  how  caBIG  is 
starting  to  touch  patients  in 
a  way  that  hasn’t  been  pos¬ 
sible,”  Kibbe  added. 

The  open-source  Patient 
Study  Calendar  applica¬ 
tion  now  in  development  at 
the  center  will  be  used  for 
patients  in  clinical  trials,  he 
noted.  Among  other  things, 
the  application  will  be  able  to 
tell  patients  how  much  medi¬ 
cation  to  take  and  when. 

The  single  application 
could  define  patient  man¬ 
agement  parameters,  elimi¬ 
nating  some  of  the  problems 
that  result  when  doctors 
with  different  types  of  train¬ 
ing  —  a  surgeon  versus  an 
oncologist,  for  example 
—  interpret  rules  differently, 
Kibbe  said. 

Implementing  caBIG  has 
not  been  without  challenges, 

31,  2008 


at  least  according  to  an  NCI- 
commissioned  review  of  the 
project  that  was  released 
late  last  year. 

The  report  found  that 
over  the  life  of  the  effort 
—  from  2003  to  2007  —  de¬ 
velopers  did  not  adequately 
work  to  meet  the  needs  of 
end  users  and  too  often  re¬ 
leased  buggy  products. 

Beutow  said  the  report 
prompted  the  NCI  to  “re¬ 
double”  its  efforts  to  provide 
users  with  better  technical 
support.  The  agency  now 
sends  users  updates  on  the 
program  via  e-mail  lists, 
has  created  Web  sites  with 
caBIG  information  and  has 
launched  a  telephone  help 
line  to  provide  technical 
support  to  users. 

LONG  ROAD  AHEAD 

At  the  same  time,  the  caBIG 
program  is  in  the  midst  of  an 
effort  to  link  the  grid  and  its 
40 -plus  applications  to  com¬ 
munity  health  care  provid¬ 
ers.  To  date,  16  have  signed 
up  to  join  the  program. 

And  national  cancer  cen¬ 
ters  in  the  U.K.  are  in  the 
process  of  building  an  infra¬ 
structure  to  become  “caBIG- 
enabled,”  Beutow  added. 

Len  Lichtenfeld,  deputy 
chief  medical  officer  of  the 
American  Cancer  Society, 
noted  that  data-sharing 
projects  like  caBIG  are  criti¬ 
cal  to  science  but  still  have  a 
long  way  to  go. 

“We  haven’t  even  begun 
to  scratch  the  surface  of 
how  we  can  cooperate  and 
share  data,”  he  said.  Taking 


advantage  of  the  “explosion 
of  information”  generated 
by  genomic  research  is  go¬ 
ing  to  take  a  tremendous 
amount  of  infrastructure 
development  —  and  time, 
Lichtenfeld  added. 

“I  am  61  years  old,  [and] 

I  would  hope  we  are  able  to 
see  some  of  this  connectiv¬ 
ity  before  I  am  gone  from 
this  earth,”  he  noted.  “It  is 
going  to  take  us  another 
generation  until  we  see  the 
type  of  applications  where 
we  can  put  it  directly  into 
affecting  patient  care.” 

Nonetheless,  the  NCI’s 
parent  organization,  the  Na¬ 
tional  Institutes  of  Health,  is 
already  holding  up  caBIG  as 
a  model  for  sharing  research 
and  treatment  data  associat¬ 
ed  with  other  illnesses,  like 
cardiovascular  disease. 

David  Steffen,  director  of 
the  Bioinformatics  Research 
Center  at  Baylor  College  of 
Medicine  in  Houston,  noted 
that  his  organization  is  now 
working  under  caBIG  aus¬ 
pices  to  find  a  way  to  use  the 
grid  to  share  cardiovascular 
disease  research  data. 

“This  change  in  medicine 
is  revolutionary,”  Beutow 
said.  “We  have  the  capacity 
now  to  look  and  see  how  an 
individual  might  respond 
to  a  particular  therapeutic 
approach.” 

The  medical  community 
should  use  IT  resources  to 
extend  biomedical  research 
the  same  way  that  technol¬ 
ogy  has  transformed  the 
financial  services  industry 
and  the  DoD,  he  added. 

CaBIG  is  also  working 
with  President  Bush’s  Office 
of  the  National  Coordina¬ 
tor  for  Health  Informa¬ 
tion  Technology  —  which 
oversees  the  development 
of  electronic  health  records 
policies  —  to  ensure  that 
EHRs  can  include  details 
about  a  person’s  genetic 
makeup.  ■ 


.ogitech 


The  Right  Technology.  Right  A\ 


wmmm' 


Logitech®  Cordless  Desktop  S530  Laser  for  Mac® 

•  Ultra-flat  profile  and  built-in  palm  rest 

•  Dedicated  one-touch  controls  for  iTunes®  and  iPhoto® 

•  Longer  battery  life  provides  up  to  six  months  or  more  of  standard  use 


m  I 


m 


Your  old  notebook  can  still  be  put  to  use. 
A  new  one  from  CDW  can  be  put  to  work. 


s 

•  Authorized 
Reseller 


$1799 

CDW  1381695 


•  Intel®  Core™  2  Duo  Processor  (1.60GHz) 

•  Memory:  2GB 

•  80GB  hard  drive 

•  Built-in  AirPort  Extreme  and  Bluetooth 

•  13.3"  wide-screen  display 

•  Mac  OS®  X  10.5 


Apple  Cinema  Display® 

•  20"  digital,  wide-screen  LCD  with  700:1  contrast  ratio 

•  Panel  brightness:  300  cd/m2 

•  Connect  a  printer,  scanner  or  digital  camera  with  integrated 
USB  2.0/FireWire  400  hub 


/ 

•  Authorized 
Reseller 


$599  CDW  659613 


$79.99  CDW  914245 


We're  there  with  the  technology  solutions  you  need. 

Sure,  outdated  technology  can  serve  your  needs.  But  unfortunately,  not  your  work  needs.  When  you  upgrade 
to  new  technology  from  CDW,  you'll  be  more  productive  than  ever.  If  you  need  to  go  mobile,  you  can  with 
countless  wireless  options.  Need  to  upgrade  to  a  new  operating  system?  No  problem.  Of  course,  we  also 
offer  a  personal  account  manager  who  knows  the  needs  of  your  business,  as  well  as  a  host  of  configuration 
services.  Bottom  line  -  we'll  make  sure  you  get  what  you  need,  when  you  need  it.  So  call  CDW  today  and 
work  smarter,  not  harder. 

CDW.com  800.399.4CDW 


■  .  t  .  >/  ,  v,  ,  f  u  <  <  1  r&w  v  ‘  *A 

Offer  subject  to  CDW’s  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  ©2008  CDW  Corporation 


Apple  MacBook  Air 


■  CAREERS 


Recession 
Unlikely  to  Curb 
H-1B  Demand 

The  U.S.  economy  may  be  tanking. 
But  a  record  number  of 
applications  for  H-1B  visas  are 
expected  to  be  filed  this  week. 
Here’s  why.  By  Patrick  Thibodeau 


ONSUMER  confi¬ 
dence  is  down,  un¬ 
employment  claims 
are  up,  and  the  U.S. 
economy  may  already  have 
slipped  into  recession.  But 
starting  tomorrow,  the  fed¬ 
eral  government  will  likely 
receive  a  record  number  of 
applications  from  employers 
seeking  H-1B  visas  for  work¬ 
ers  from  overseas. 

So  why  is  the  demand  for 
foreign  workers,  including 
skilled  software  developers 
and  other  IT  professionals, 
still  rising  as  economic  con¬ 
ditions  grow  steadily  worse? 


First,  there’s  pent-up  de¬ 
mand  for  H-1B  visas.  Last 
year,  the  U.S.  Citizenship 
and  Immigration  Services 
received  more  than  143,000 
petitions  for  the  85,000  vi¬ 
sas  available  for  the  govern¬ 
ment’s  2008  fiscal  year.  That 
forced  the  USCIS  to  choose 
recipients  via  a  lottery  proc¬ 
ess,  and  many  of  the  people 
who  didn’t  get  visas  are  ex¬ 
pected  to  try  again  this  year. 

Second,  even  if  the  overall 
job  market  is  declining,  the 
shift  of  technology  jobs  to 
outsourcing  vendors  isn’t 
likely  to  abate.  And  many  of 


the  largest  H-1B  users  are 
offshore  outsourcing  firms. 
For  instance,  eight  of  the  top 
10  recipients  of  new  H-1B 
visas  in  fiscal  2007  were 
outsourcers  that  are  based 
in  India  or  have  substantial 
offshore  operations. 

Third,  H-1B  proponents 
such  as  Microsoft  Corp. 
Chairman  Bill  Gates  claim 
that  the  U.S.  doesn’t  have 
enough  “world-class  engi¬ 
neers”  to  meet  the  needs  of 
employers.  At  a  congres¬ 
sional  hearing  this  month, 
Gates  said  that  the  annual 
visa  cap  “bears  no  relation  to 
the  U.S.  economy’s  demand 
for  skilled  professionals.” 

H-1B  critics  dispute 
that  contention.  Nonethe¬ 
less,  three  bills  proposing 
increases  in  the  cap  were 
introduced  in  Congress 
shortly  after  Gates  spoke. 
Congress  may  make  any 
cap  increase  retroactive  —  a 
prospect  that  could  encour¬ 
age  companies  to  submit 
H-1B  applications  just  to 
make  sure  they  have  a  place 
in  line. 

For  those  reasons,  there’s 
a  good  chance  that  the  num¬ 
ber  of  H-1B  petitions  filed 
this  year  will  exceed  last 
year’s  total,  further  reducing 
the  odds  of  getting  a  visa 
unless  the  cap  is  increased. 

The  demand  for  visas  may 
be  inflated  if  companies  try 
to  boost  their  lottery  odds 
by  applying  for  more  than 
they  really  need.  Earlier  this 
month,  the  USCIS  set  a  new 
rule  barring  employers  from 
filing  multiple  petitions  for 
one  person.  But  a  parent 
company  and  its  subsidiar¬ 
ies  can  still  separately  seek 
visas  for  the  same  worker,  as 
long  as  the  applications  are 
for  different  jobs. 

Jacob  Sapochnick,  a  San 
Diego-based  attorney  who 
represents  companies  seek¬ 
ing  H-1B  visas,  is  concerned 
that  offshore  outsourcing 


firms  will  use  that  and  other 
methods  to  improve  their 
chances  in  the  lottery.  “This 
is  a  problem  —  we’re  wor¬ 
ried,”  Sapochnick  said. 

Some  offshore  firms  are 
increasing  their  U.S.  pres¬ 
ence,  partly  to  mitigate  the 
effect  of  the  H-1B  limits. 

Last  July,  Wipro  Ltd.  an¬ 
nounced  plans  to  build  a 
1,000-worker  software  de¬ 
velopment  center  in  Atlanta. 
And  Tata  Consultancy  Ser¬ 
vices  Ltd.  said  this  month 
that  it  is  opening  a  services 
delivery  center  near  Cincin¬ 
nati.  Tata,  which  has  more 
than  16,000  employees  scat¬ 
tered  at  client  sites  in  the 
U.S.,  plans  to  mostly  hire 
locals  —  initially,  about  500 
people  —  at  the  new  facility. 

But  Phiroz  Vandrevala, 
Tata’s  executive  director  of 
global  corporate  affairs,  said 
the  delivery  center  won’t 
significantly  reduce  FI-1B 
needs  at  the  firm,  which  re¬ 
ceived  nearly  3,500  visas  in 
fiscal  2006  and  2007.  “Five 
hundred  positions  is  not 
going  to  change  the  needle 
significantly,”  he  said. 

Getting  an  H-1B  visa  these 
days  is  “all  on  luck  —  it’s  not 
on  merit,”  said  Brijesh  Nair, 
an  Indian  national  who 
earned  a  Ph.D.  in  civil  engi¬ 
neering  in  the  U.S.  and  has 
been  working  here  on  a  visa 
for  the  past  18  months. 

Nevertheless,  the  applica¬ 
tions  keep  coming. 

Nicole  Lawrence  Ezer, 
an  immigration  attorney 
at  Sutherland  Asbill  & 
Brennan  LLP  in  Houston, 
expects  a  flood  of  H-1B 
petitions  tomorrow.  And 
she  thinks  the  cap  for  both 
types  of  visas  —  65,000 
regular  ones,  and  20,000 
for  foreign  workers  with 
advanced  degrees  from 
U.S.  universities  —  will  be 
reached  in  a  matter  of  days. 

“Nobody  is  foolish 
enough  to  wait,”  Ezer  said.  ■ 


16  C0MPUTERW0RLD  MARCH  31,  2008 


GSun 

microsystems 


M 


:  %  mj$-  *.#.  ♦  #  #f  €  §;  & 


?’#  ##  #  #  #  #  5ff#  5 


Get  the  World's  First 
Open  Storage  System 
with  Legendary  ZFS 


The  Sun  Fire™  X4500  Storage  Server  (aka  “Thumper”)  delivers  twice  the 
performance,  half  the  size  and  one-third  the  price  of  the  competition. 
With  common  storage  pools,  provable  data  integrity  and  near-zero 
administration,  ZFS  overturns  everything  you  thought  you  knew  about 
file  systems.  And  with  four-core  X64  performance,  the  highest  storage 
density  and  the  power  of  Solaris™,  the  Sun  Fire  X4500  Server  blows  away 
everything  else  in  price,  performance,  and  capacity. 


For  a  free  60-day  trial,  go  to  sun.com/openstorage 


Call  your  local  Sun  Sales  Representative,  Sun  Authorized  Partner  or  (888)  516-9362. 

©  2008  Sun  Microsystems,  Inc.  All  rights  reserved.  All  logos  and  trademarks  are  property  of  their  respective  owners. 


AMD 


soiaris 


HOT  TRENDS  ®  NEW  PRODUCT  NEWS  ■  INDUSTRY  BUZZ  BY  MARK  HALL 


'  -  1  \  ?!*:-' ; 


fepTy  Yomr  Thow&hu 

PHY^iCAW. 

HE'S  OUR  NEW 

ViRTUAL  i. 
DATACEMUR 

Expert. 


oMu^iiS 


&roovy 


■  i 


Real  Fail-over  for  VMs 

NCE  YOU’VE  loaded  noncritical  Web,  file  and  print  serv¬ 
ers  onto  virtual  machines,  you  get  the  itch  to  consolidate 
even  more.  But  you  draw  the  line  at  servers  that  run  busi¬ 
ness-critical  applications  and  need  fail-over  systems,  right? 
Well,  check  out  Marathon  Technologies  Corp.’s  everRun 
VM  software,  now  in  beta.  Steven  Keilen,  vice  president  of  marketing  at 
the  Littleton,  Mass.-based  company,  says  the  product  lets  you  choose 


from  three  levels  of  fail-over  protec¬ 
tion:  basic  fail-over;  component-level 
fault  tolerance;  and  system-level 
fault  tolerance,  called  LockStep.  Says 
Keilen,  you  install  everRun  VM  on 
two  x86-class  servers  and  choose 
your  level  of  fault  tolerance  with  a 
simple  radio  button.  The  software 
then  checks  the  two  servers  to  en¬ 
sure  that  both  are  adequate  for  the 
level  you’ve  chosen. 
And  the  servers 
can  be  in  different 
geographic  loca¬ 
tions  for  disaster 
recovery  purposes, 
Keilen  says. 

Marathon’s  ever¬ 
Run  will  be  avail¬ 
able  in  late  April. 
The  LockStep  op¬ 
tion  will  go  gold  in 


Keilen:  Adding 
fault  tolerance 
opens  up  VMs 
to  apps. 


early  Q4.  EverRun  starts  at  $2,000 
per  physical  server,  with  unlimited 
virtual  machines.  A  bundle  with 
Citrix  XenServer  is  $4,500  per  ma¬ 
chine.  It’s  worth  a  look,  if  failure  is 
not  an  option. 

Real  Security  for 
Virtual  Machines 

As  the  economy  worsens,  the  pres¬ 
sure  to  consolidate  via  virtualization 
will  mount.  But  don’t  let  security 
be  virtual,  especially  when  it  comes 
to  the  “virtual  switch”  that  con¬ 
nects  your  virtual  machines  to  a 
virtual  network.  That’s  the  mes¬ 
sage  from  Amir  Ben-Efraim,  CEO 
of  Altor  Networks  Inc.  in  Redwood 
City,  Calif.  Virtual  switches  can’t  be 
managed  or  even  detected  by  most 
network  management  tools,  he  says. 


Secure  your 
virtual  switches, 
urges  Ben- 
Efraim. 


This  month,  Altor 
unveiled  its  Vir¬ 
tual  Network  Secu¬ 
rity  Analyzer,  which 
plugs  into  VMware 
Inc.’s  virtual  switch 
and  monitors  every 
packet  going  to  and 
from  each  VM.  And 
come  this  summer, 

Ben-Efraim  says,  the 
company  will  release 
its  Virtual  Network  Firewall,  which 
will  let  you  define  and  enforce  poli¬ 
cies,  such  as  shutting  down  multicast 
traffic.  Later  this  year,  Altor  will 
offer  support  for  XenServer.  Pricing 
starts  at  $500  per  physical  server  for 
the  Security  Analyzer  and  $1,500  for 
the  firewall. 

Add  Real  Context 
To  CCs  and  BCCs 

RPost  U.S.  Inc.’s  e-mail  service, 
which  might  be  considered  the  regis¬ 
tered  mail  of  the  Internet,  has  a  cool 
new  feature.  SideNote,  says  Zafar 
Khan,  CEO  of  the  Los  Angeles-based 
company,  lets  you  provide  “context” 
to  recipients  of  an  e-mail  message 
who  are  being  “carbon  copied”  (cc) 
or  “blind  carbon  copied”  (bcc). 

For  those  unfamiliar  with  the 
world  of  paper  letters  and  memos, 

Khan  explains 
that  in  the  old 
days,  missive 
writers  would 
scribble  notes 
explaining  to 
people  why  they  were  getting  cc’d  or 
bcc’d  on  a  given  message.  But  in  the 
e-mail  era,  that  flexibility  vanished. 
He  says  people  often  call  or  send  ad¬ 
ditional  e-mails  to  people  being  cc’d 
or  bcc’d  to  give  the  context  for  the 
e-mail.  With  SideNote,  RPost  users 
simply  click  on  a  button  in  their  mail 
clients  and  write  a  bright-yellow 
note  for  each  cc  and  bcc  recipient. 
Recipients  need  not  be  users  of 
RPost  and  can  even  get  SideNotes 
on  their  BlackBerries  or  iPhones. 
SideNote  comes  free  with 
the  standard  RPost  ser¬ 
vice.  RPost  has  plug-ins 
for  Outlook,  Notes  and 
GroupWise  mail  clients. 

Pricing  starts  at  $59  per 
100  registered  e-mails.  ■ 


$9.50 

Minimum  USPS 
registered  mail  fee 
per  letter. 


PToMPUTER^ORuTcoir 


O  MORE  BUZZ 

Discover  and  discuss 
more  industry  action  at 
the  On  the  Mark  blog: 

computerworld.com/ 

blogs/hall 


18  C0MPUTERW0RLD  MARCH  31,  2008 


f 


V  | 


■  THE  GRILL 

Howard  Schmidt 

The  former  White  House  security 
adviser  talks  about  mobile 
vulnerabilities,  background  checks 

for  IT  workers  and  fishing. 


i 

! 

! 

* 

* 

1 
? 
* 

2 

1 
} 

2 
2 
* 
I 
8 

1 

2 


2 

I 

1 
s 

2 
5 
2 
2 
2 
1 
2 
2 
* 
2 
i 
I 
I 


2 

2 

2 

2 

1 

2 
i 

1 

2 
2 
2 
t 


2 

2 

* 

2 

1 

2 
i 

I 

1 

2 
2 
2 

I 

1 

2 
2 
2 
I 

1 

2 
2 
2 
2 
2 
2 

2 

1 

2 

2 

2 

2 

8 

2 

2 

2 

2 

k 

8 

2 

2 

2 

2 

2 

2 

2 

2 

2 

8 

* 

1 

2 
2 

1 

2 


Name:  Howard  Schmidt 
Title:  CEO 

Company:  R&H  Security 
Consulting  LLC 

Location:  Issaquah,  Wash. 

Favorite  job:  “The  police 
department  in  Arizona.  I  was 
there  for  six  years  working 
with  some  great  people.” 

Job  he’d  like  to  try:  Commer¬ 
cial  pilot  or  professional  bass 
fisherman. 

Favorite  pastime:  “Fishing.  I’m 
up  in  Alaska  regularly  -  out  on 
|  a  boat  fishing.” 

In  high  school,  he  was:  “The 
guy  who  was  always  out  there 
dancing.  Everyone  else  was 
hanging  by  the  wall,  and  I’d  be 
out  there.  I  didn’t  even  have  to 
be  drunk  to  do  that.  I  still  do 
that  today.” 

A  former  White  House  security  adviser, 
Howard  Schmidt  was  appointed  by 
President  Bush  as  special  adviser  for 
cyberspace  security  just  three  months 
after  the  terrorist  attacks  of  Sept.  11, 
2001.  On  the  corporate  side,  he  once 
served  as  chief  security  strategist  at 
eBay  Inc.,  and  he  also  was  chief  security 
officer  at  Microsoft  Corp.  In  the  military, 
he  was  director  of  the  Air  Force  Of¬ 
fice  of  Special  Investigations  Computer 
Forensic  Lab  and  Computer  Crime  and 
Information  Warfare  Division. 

What’s  the  scariest  thing  you  see  hap¬ 
pening  in  security  right  now?  I  think  it’s 
the  mobile  devices  and  the  capabilities 
that  we  want.  There  isn’t  enough  atten¬ 
tion  to  making  those  things  secure. 

We  now  have  the  capability  to 
download  and  install  all  kinds  of 
applications  on  our  mobile  devices. 
People  use  a  mobile  phone  for  more 
than  talking.  I  use  mine  to  pay  my 
PayPal  account,  to  check  my  bank 
account.  I  see  criminals  out  there  who 
know  this.  What  they’ve  been  attack¬ 
ing  on  the  desktop,  they’ll  starting  at¬ 
tacking  in  our  mobile  devices  as  they 
become  more  like  PCs  in  our  pockets. 
We  can’t  wait  five  years  to  do  some¬ 
thing  about  it.  We  have  to  do  some¬ 
thing  now. 

MARCH  31, 2008  C0MPUTERW0RID  IS 


■  THE  GRILL  HOWARD  SCHMIDT 


Mlook  at  is, 
if  you  don’t 
have  security,  you 
can’t  guarantee 
privacy. 


What  are  CSOs  telling  you  they’re  most 
worried  about?  The  whole  issue  of  risk 
and  compliance.  Most  of  the  CSOs  I 
talk  to  are  saying  less  about  what’s 
the  best  technology  [and  more  about] 
how  do  they  make  sure  their  firms 
can  feel  confident  they’re  doing  good 
governance,  risk  and  compliance.  How 
do  they  know  they’ve  minimized  risk 
for  the  company  and  they  comply  with 
federal  laws,  state  laws  and  interna¬ 
tional  laws? 

How  can  companies  strike  a  balance  be¬ 
tween  security  and  privacy?  For  a  long 


time,  there’s  been  the  perspective  that 
if  you  have  security,  you  don’t  have  pri¬ 
vacy.  The  way  I  look  at  is,  if  you  don’t 
have  security,  you  can’t  guarantee 
privacy.  Privacy  falls  into  two  buckets. 
One  is,  how  can  we  protect  our  data? 
You  do  that  using  good  security.  The 
second  is,  who  does  what  with  my 
data?  How  can  I  control  that?  This  is 
the  difficult  part.  Right  now,  we  are  not 
in  control  of  that  data. 

I’ll  give  you  a  live  example.  One  of 
our  boys  is  in  medical  school  in  Wis¬ 
consin.  Rather  than  pay  for  board,  we 
bought  a  house  there.  We  weren’t  fi¬ 
nancing  it,  but  they  wanted  our  Social 
Security  numbers.  I  said,  “You’ve  got 
my  ID,  my  passport,  my  license.  You’ve 
got  confirmation  of  who  I  am.  Why  do 
you  need  my  Social  Security  number, 
and  what  happens  to  it  if  someone 
breaks  in  here?”  I  didn’t  fill  it  out.  We 
basically  need  a  bill  of  rights  over  pri¬ 
vacy  of  information. 

Are  passports  equipped  with  RFID  im¬ 
plants  a  good  idea?  I  don’t  think  it’s  a 
bad  idea,  but  I  don’t  think  security  was 
as  high  a  consideration  as  it  should 
have  been.  I  have  one.  And  knowing 
the  security  implications  of  it,  I’m  very 
cognizant  of  where  I  put  it  to  make 
sure  no  one  can  use  a  mechanism  to 
read  something  from  it.  You’ve  seen 
these  card  readers  where  you  go  up 
to  a  gas  pump  and  it  has  a  little  RFID 
wand.  The  government  and  customs 
are  not  the  only  ones  who  have  access 
to  these  readers.  Someone  just  has  to 
get  close  enough  to  you  that  they  can 
read  the  data  off  your  passport.  Once 
they  get  that,  they  can  use  it  to  create  a 
fake  passport. 

What  do  you  think  about  companies  do¬ 
ing  background  checks  on  IT  workers?  I 

think  it’s  not  a  bad  idea,  realizing  that 
every  company  has  a  different  culture. 
IT  is  just  no  longer  a  function  that 
helps  you  share  PowerPoints  and  do 
word  processing.  IT  has  become  a  part 
of  our  day-to-day  critical  infrastruc¬ 
ture.  It’s  how  we  make  our  financial 
services  run  and  transportation  sys¬ 
tems  work.  If  people  are  involved  in 
IT,  they  need  some  scrutiny  to  make 
sure  they’re  not  at  [risk]  for  doing  bad 
things  to  the  company  or  even  to  na¬ 
tional  security. 


I  frequently  hear  people  talking  about  the 
possibility  of  terrorists  attacking  com¬ 
puter  networks  in  the  U.S.  How  much  of 
a  threat  do  you  think  this  really  is?  They 
don’t  want  to  wind  up  attacking  a  sys¬ 
tem  they  depend  on.  Terrorists  now 
can  push  bin  Laden  videos  to  mobile 
phones.  They’re  doing  podcasts  and 
webcasts.  To  attack  the  Internet  is  not 
in  their  best  interests  because  they’d 
suffer  like  everyone  else.  Attacking  a 
financial  system  to  cause  economic 
harm,  is  that  a  possibility?  Absolutely. 
But  the  protections  you  put  in  place  to 
protect  against  a  regular  hacker  would 
be  the  same  best  practices  you’d  use 
against  anyone,  including  a  terrorist. 

We’re  hearing  a  lot  about  the  Chinese 
breaking  into  our  government  networks. 
How  secure  or  insecure  are  we  against 
these  kinds  of  attacks?  Sen.  Sam  Nunn, 
in  a  meeting  at  the  Pentagon  [in  the 
mid-1990s],  asked  me  [how  we  would 
fare]  if  there  was  a  technological  war 
and  another  country  was  to  attack  us, 
on  a  scale  of  1  to  10.  Ten,  they  have 
no  chance  of  affecting  us,  and  1,  they 
would  devastate  us  and  own  every¬ 
thing  we  have.  I  said  we’d  be  some¬ 
where  around  a  5  or  6.  Today,  that  has 
changed  dramatically.  I  think  we’re  in 
a  much  better  situation.  We’re  much 
more  secure,  and  we’re  reducing  our 
attack  vectors.  In  terms  of  withstand¬ 
ing  an  attack,  we’d  be  closer  to  an  8  or 
a  9.  We  have  the  ability  to  turn  back 
attacks.  We  also  could  shut  down  sys¬ 
tems  that  might  be  under  attack  and 
bring  them  internal. 

What  should  the  government  be  doing  to 
increase  cybersecurity?  There’s  educa¬ 
tion  and  research  that  the  government 
could  help  more  on.  And  using  the 
power  of  procurement,  they  could 
push  vendors  to  develop  more-secure 
systems.  If  the  government  says, 
“Design  me  a  more  secure  system, 
and  here’s  the  money  to  go  do  it,”  the 
vendor  [would  do  it  and]  then  sell  it  to 
the  private  sector.  The  other  piece  is 
that  there’s  not  a  whole  lot  of  emphasis 
from  the  government  on  research.  The 
government  could  seed  the  next  gener¬ 
ation  of  tech-savvy  researchers  to  look 
at  our  problems  and  figure  out  how  we 
can  solve  them. 

—  Interview  by  Sharon  Gaudin 


20  C0MPUTERW0RLD  MARCH  31,  2008 


OPINION 


Bruce  A.  Stewart 

Why  Can’t  IT 

Speed  Things  Up? 


SEVERAL  CLIENTS  and  prospects  have  said  to  me 
that  they  want  to  speed  up  their  IT  organizations. 
They  perceive  that  while  the  pace  of  change  demanded 
by  the  business  will  accelerate  soon,  no  more  resources 
will  be  supplied.  Theyll  have  to  move  things  through  faster  so 
that  their  teams  can  be  freed  up  sooner  for  the  next  project. 


Fair  enough.  All  these 
IT  organizations  could 
stand  to  speed  up,  and 
they’re  thinking  as  a 
business  would,  seeing 
the  need  to  constantly 
rejigger  operations  as 
demand  grows. 

But  speed  doesn’t  come 
easily,  and  that’s  a  mes¬ 
sage  none  of  these  orga¬ 
nizations  has  been  com¬ 
fortable  hearing.  Here’s 
what  stands  in  their  way: 

A  focus  on  big  projects. 
In  every  case,  the  whole 
structure  of  the  IT  orga¬ 
nization  —  from  project 
offices  to  approval  proc¬ 
esses  —  is  geared  for 
large  projects  that  last  a 
year  or  longer.  The  proj¬ 
ects  are  strictly  linear, 
with  business  analysts 
interacting  with  architec¬ 
ture  to  produce  reference 
solutions,  then  develop¬ 
ment  experts  converting 
that  into  designs,  and 
then  specifications  be¬ 
ing  laid  down.  All  this  is 


good  for  getting  a  big  ef¬ 
fort  right,  but  these  steps 
slow  down  the  work. 

Hostility  toward  new 
ways  of  doing  things. 

These  IT  organizations 
won’t  invest  in  and  ex¬ 
periment  with  new  tools, 
approaches  and  methods 
until  there  is  a  project 
“worthy”  of  them.  Mean¬ 
while,  no  business  client 
will  take  a  chance  on 
anything  new.  The  result 
is  that  yesterday’s  lan¬ 
guages,  tools  and  meth¬ 
ods  remain  today’s  —  and 
likely  tomorrow’s. 

Silence  rather  than  dia¬ 
logue  on  IT  investments. 
When  business  people 
are  left  in  the  dark  about 

■  You  can’t 
just  decide  to 
speed  things 
up  without  first 
addressing  five 
core  problems. 


IT’s  existing  portfolio, 
they  can  only  wonder: 
Are  the  existing  pieces 
expensive  to  maintain 
and  test?  Is  the  company 
losing  technical  quality 
through  skills  attrition 
or  lack  of  investment  by 
vendors?  Is  it  suffering 
declining  functionality 
as  the  work  processes 
evolve  and  the  software 
doesn’t?  Without  portfo¬ 
lio  feedback,  the  business 
can’t  judge  whether  to 
extend  what  it  owns  a 
little  longer  or  to  start 
again  for  the  next  decade. 
More  often  than  not,  the 
business  defers  to  IT 
—  and  IT  defers  to  what 
it  already  knows. 

The  business  side’s  com¬ 
mitment  level.  Not  all  the 
problems  are  in  IT.  In 
every  one  of  these  com¬ 
panies,  the  business  does 
not  make  IT  tech  projects 
a  priority.  Decision-mak¬ 
ers  don’t  come  to  meet¬ 
ings,  and  key  issues  aren’t 


worked  out  early.  Far 
too  often,  core  questions 
—  “What  is  a  superior 
customer  experience?” 
or  “What  is  a  premier 
supplier?”  —  aren’t  asked 
until  late  in  the  game. 

At  project’s  end,  the 
business  won’t  partici¬ 
pate  in  testing  or  invest 
in  deployment  support. 
That’s  a  governance 
breakdown.  Successful 
IT  projects  are  a  partner¬ 
ship,  but  too  often  the 
business  side  fails  to  do 
its  part. 

Corporate  style.  Corpo¬ 
rate  behavior  influences 
what  you  can  do.  If  your 
performance  evaluation 
system  is  too  rigid,  or  if 
you  are  required  to  plan 
(and  then  execute  ac¬ 
cording  to  that  plan)  with 
nothing  held  back  for 
change,  your  speed  will 
be  limited.  Here,  IT  can 
push  against  the  limits, 
but  it’s  hard  to  go  any 
great  distance  past  them. 

Speeding  up  is  a  good 
thing  to  work  on.  But  you 
must  make  sure  that  you 
address  these  hurdles. 
Miss  one,  and  you’ll  lose 
credibility  —  and  still  be 
considered  slow.  ■ 

Bruce  A.  Stewart  is  CEO 
of  Vancouver,  British 
Columbia-based  Accendor 
Research  Inc.,  an  advisory 
services  firm  focused  on 
management  issues  in 
the  technology-enabled 
enterprise.  He  can  be 
reached  at  bruce.stewart@ 
accendor.com. 


MARCH  31,  2008  COMPUTERWGRLQ  21 


I 


■5»s 


Nf 


SK'4S 


STORAGE  SPOTLIGHT  H 


Events  like  9/11 
and  Hurricane 
Katrina  have 
i  brought  disaster  to 
IT’s  doorstep.  But 
many  companies 
are  still  applying  old 
strategies  to  new 
disaster  scenarios. 
BY  MARY  K.  PilTT 


ERE’S  A  tricky 
question:  Could 
your  company  op¬ 
erate  during  a  flu 
pandemic? 

Nearly  3,000 
financial  services 
organizations  tested  their  answers  to 
that  question  with  a  disaster  drill  last 
September.  The  exercise  showed  that 
the  financial  sector  could  continue  to 
operate  during  a  pandemic,  but  it  also 
revealed  stress  points  throughout  the 
industry.  For  instance,  many  recovery 
plans  laid  the  groundwork  for  employ¬ 
ees  to  telecommute  —  a  smart  move 
in  a  scenario  that  could  leave  thou¬ 
sands  homebound  —  but  the  existing 
infrastructure  couldn’t  handle  the  in¬ 
creased  traffic. 

“When  you  have  [so  many  more] 
people  working  from  home,  the  In¬ 
ternet  is  going  to  slow  to  a  crawl,  and 
that’s  if  it’s  even  recoverable  in  all 
parts  of  the  country,”  says  Nick  Ben¬ 
venuto,  managing  director  and  global 
head  of  business  continuity  at  Protiviti 
Inc.,  a  risk  management  consulting 
firm  in  Menlo  Park,  Calif. 

That  drill  highlights  the  status  of 
many  companies  vis-a-vis  disaster  re¬ 
covery:  They  have  disaster  plans,  but 
those  plans  aren’t  adequately  designed 
to  handle  an  actual  event. 

Instead,  many  business  executives, 
including  top  IT  managers,  are  rely¬ 
ing  on  old  procedures  and  technolo¬ 
gies  that  might  work  for  small-scale, 
brief  disasters  —  a  regional  power 
outage,  for  example  —  but  would  fall 


woefully  short  during  a  catastrophe 
like  another  major  hurricane  or  ter¬ 
rorist  attack. 

Moreover,  many  companies  can’t 
claim  to  have  real  confidence  in  their 
disaster  recovery  plans,  either,  because 
they  fail  to  test  and  update  those  plans 
often  enough  to  guarantee  that  their 
procedures  and  technologies  are  keep¬ 
ing  pace  with  business  changes  and 
growth. 

In  a  2007  report  from  Cambridge, 
Mass. -based  Forrester  Research  Inc., 
only  33%  of  124  data  center  decision¬ 
makers  surveyed  said  they  believe 
they’re  very  prepared  to  recover  their 
data  centers  in  the  event  of  a  failure 
or  disaster.  Meanwhile,  37%  said  they 
were  prepared,  27%  said  they  were 
somewhat  prepared,  and  3%  admitted 
that  they  weren’t  prepared. 

However,  there  are  leaders  out 
there.  In  particular,  organizations 
that  have  survived  recent,  massive 
disasters  have  internalized  their  hard- 
earned  lessons  in  recovery  and  are 
now  better  prepared  for  what  might 
come  next.  (See  “Disaster  Survivors,” 
page  26.) 

GAINING  ATTENTION 

And  the  news  isn’t  all  bad.  Experts  say 
that  although  companies  need  to  work 
harder  on  disaster  recovery  planning 
and  testing,  they’re  still  doing  better 
than  they  have  in  the  past. 

“If  you  went  back  10  years,  things 
were  far  worse.  There  has  been  great 
improvement,”  says  Jonathan  Gossels, 
president  and  CEO  of  SystemExperts 
Corp.,  an  IT  compliance  and  network 
security  consulting  firm  in  Sudbury, 
Mass.  “But  not  enough  companies  are 
doing  enough.” 

Although  preparedness  varies 
greatly  from  industry  to  industry  and 
from  one  company  to  the  next,  Gossels 
says  there  are  several  factors  that  con¬ 
tribute  to  an  organization’s  failures  in 
disaster  recovery  preparation. 

“It’s  expensive,  it  falls  below  the 
priority  line,  and  it  doesn’t  generate 
revenue.  It’s  seen  as  just  an  ongoing 
high  cost.  It’s  natural  for  companies 
to  do  as  little  as  they  can  get  away 
with,”  says  Gossels.  “It’s  human  na¬ 
ture  to  expect  that  we’ll  see  this  area 
underfunded.” 

In  a  recent  survey  conducted  by 


Gartner  Inc.,  more  than  half  the  359 
participants  from  the  U.S.,  Canada  and 
the  U.K.  said  they  planned  for  natural 
disasters,  power  outages,  fires,  IT  out¬ 
ages,  computer  virus  attacks,  and  fail¬ 
ures  at  key  service  providers.  And  50% 
of  the  respondents  said  they  planned 
for  terrorist  attacks. 

But  the  survey  also  found  that  less 
than  half  have  plans  for  dealing  with 
labor  strikes,  civil  unrest,  denial-of- 
service  attacks  or  pandemics.  And  only 
45%  have  plans  for  long-term  facility 
outages  —  that  is,  outages  lasting  more 
than  a  week. 

Given  these  findings,  Gartner 
analyst  Roberta  Witty  questions 
whether  disaster  plans  are  adequate, 
considering  the  fact  that  some  recent 
events,  such  as  Hurricane  Katrina, 
took  out  power  for  much  longer  than 
a  week.  Witty  says  organizations 
also  fail  to  adequately  plan  for  disrup¬ 
tions  in  services  provided  by  third 
parties. 

Companies  are  taking  note,  though. 
Forrester  analyst  Stephanie  Balaouras 
says  Hurricane  Katrina  was  a  louder 
wake-up  call  for  businesses  than  the 
Sept.  11  terrorist  attacks.  She  says  most 
companies  don’t  operate  in  major  ur¬ 
ban  areas  or  near  landmarks  that  could 
be  terrorist  targets,  but  they  do  see 
themselves  as  vulnerable  to  weather- 
related  catastrophes  and  other  natural 
disasters. 

But  Balaouras  points  out  that  the 
vast  majority  of  business  disrup¬ 
tions  aren’t  caused  by  big  events  like 
hurricanes.  It’s  the  more  mundane 
scenarios,  such  as  power  outages,  IT 
failures  and  human  error,  that  are 
more  likely  to  bring  down  a  whole  IT 
infrastructure. 

Companies  shouldn’t  focus  on  a  spe¬ 
cific  event,  however,  Balaouras  says. 
They  need  to  plan  for  the  resulting 
disruptions.  After  all,  anything  from 
wildfires  to  floods  can  knock  out  pow¬ 
er,  take  out  infrastructure  and  scatter 
workers. 

“This  really  needs  to  become  part  of 
change  management,”  Benvenuto  says. 
“Whenever  you  add  a  new  process, 
you  need  to  think  about  how  it  affects 
disaster  recovery.”  ■ 

Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her 
at  marykpratt@verizon.net. 


WILLIAM  DUKE 


MARCH  31,  2008  COMPUTERWORLD  ?3 


•HHHltlli 


ttttmtH  sm 

Mmtmtm 

'  -.  "  --  ■  --■-  ;,-  - 
-"■■  -•■■- . -iiS  ■ 

mtmimu 

‘  *1 

mmtmm 

tttHMtMHI 


iHllilHIItt 


mttttii 


'Available  on  select  models.  IBM,  the  IBM  logo.  ( ivo!>  and  ;ake  Back  Control  are  trademarks  or  registered  trademarks  of  International 
Business  Machines  Corporation  in  the  United  :  and/or  other  countries.  ©2008  IBM  Corporation.  All  rights  reserved. 


of.ll.oS  • 

SpU*  6  /erxo* 


.INFRASTRUCTURE  LOG 

_DAY  85:  Woke  up  in  a  desert.  Our  data  center  is  overheating 
so  badly  it’s  playing  tricks  on  our  minds.  We  have  to  do 
something  about  these  energy  costs.  But  how?  Our  processing 
needs  keep  growing. 

.Maybe  that  sphinx  over  there  has  an  answer. 

.DAY  86:  I’m  taking  back  control  with  IBM.  Their  services 
can  help  us  diagnose  inefficiencies  and  build  a  more 
energy-efficient  data  center.  A  virtualized  IT  environment 
can  improve  our  server  and  storage  utilization  while  their 
power  management  capabilities  help  us  actively  manage  our 
power  usage.1  And  thanks  to  IBM’s  advanced  cooling  solutions, 
our  data  center  is  cucumber  cool. 

.Good  thing.  My  wrinkle-free  shirts  really  aren’t  very  breathable. 


Watch  a  Webcast  on  data  center  energy  efficiency  at: 

IBM.COM/TAKEBACKCONTROL/ENERGY 


VN-  '  '  ' 


Wmamm 


;  These  six  organizations  endured 
i  enormous  disasters.  Their  hard- 
i  earned  lessons  have  made  them 
i  better  prepared  for  what’s  next. 


N  RETROSPECT,  put- 
ting  a  data  center 
on  the  fifth  floor 
of  a  glass  high-rise 
office  building  just 
a  half-mile  from 
the  Gulf  of  Mexico 
wasn’t  such  a  good  idea.  Dur¬ 
ing  Hurricane  Katrina,  Han¬ 
cock  Bank’s  Gulfport,  Miss., 
headquarters  building  was 
devastated.  Today,  the  most 
visible  change  to  the  bank’s 
disaster  preparedness  plan  is 
a  new  $16  million  data  center 
farther  inland,  but  that’s  just 
one  of  many  changes  Chief 


Operating  Officer  Shane 
Loper  says  will  pay  off  when 
the  next  disaster  strikes. 

The  bank  now  operates  on 
a  “4/24”  plan  that  requires 
customer-facing  systems  to 
be  operational  within  four 
hours  of  a  disaster,  and  core 
business  systems  within 
24  hours.  “All  of  the  things 
we  are  doing  come  with  a 
price,”  Loper  says.  But  be¬ 
cause  the  bank  is  regional,  it 
needs  to  ensure  that  a  local 
disaster  in  Gulfport  won’t 
affect  its  other  branches. 

“You  want  to  locate  your 


data  center  in  an  area  that 
has  the  lowest  threat  profile 
possible,  and  that  means 
separating  it  from  the  head¬ 
quarters  offices  and  away 
from  downtown  areas  when 
possible,”  says  Stephanie 
Balaouras,  an  analyst  at  For¬ 
rester  Research  Inc. 

Hancock’s  new  data  cen¬ 
ter  is  still  in  Gulfport,  but 
the  hardened,  lights-out  fa¬ 
cility  is  farther  inland  on  the 
area’s  highest  point.  It  can 
withstand  200  mph  winds, 
can  be  managed  remotely 
and  has  dual  820-kilowatt 
generators  with  enough  fuel 
to  stay  up  and  running  24 
hours  a  day  for  a  month. 

The  old  data  center’s 
server  infrastructure  had 
been  mostly  consolidated 
using  VMware  virtual 
machine  technology  when 
Katrina  struck.  “Using  more 


26  C0MPUTERW0RLD  MARCH  31,  2008 


«  Shane  Loper  (left)  and  Ron 
Milliett  have  ramped  up  Han¬ 
cock  Bank’s  disaster  prepared¬ 
ness  plans  since  Katrina  struck. 

advanced  techniques  such 
as  server  virtualization  to 
enable  high  availability 
and  disaster  recovery  are 
good  best  practices,”  says 
Balaouras.  The  virtual 
server  files  and  associated 
data  were  backed  up  and 
could  be  quickly  set  up  on 
hardware  in  a  backup  data 
center  in  Chicago.  But  the 
challenge  was  getting  them 
to  Chicago  and  loading 
them  from  tape. 

“[Just]  the  tape- 
restoration  process  re¬ 
quired  16  hours,”  and  36 
hours  elapsed  before  all 
systems  were  up  and  run¬ 
ning,  says  Jeff  Andrews, 
vice  president  and  manag¬ 
er  of  information  security. 

The  new  system  repli¬ 
cates  virtual  server  files 
and  data  over  an  MPLS 
network,  reducing  the  boot 
recovery  process  to  about 
45  minutes. 

Disaster  drills  have  also 
changed.  “When  I  was 
driving  up  to  Chicago  [after 
Katrina],  I  was  scared  to 
death,  because  I  knew  there 
were  things  we  never  test¬ 
ed,”  says  Andrews.  Today, 
everything  is  tested  under  a 
full  production  load. 

On  the  front  end,  many 
employees  have  remote  ac¬ 
cess  and  use  PCs  to  access 
hosted  virtual  desktops. 

But  technical  issues 
aren’t  what  worry  Ron 
Milliett,  director  of  IT 
services.  “Communica¬ 
tion  . . .  was  the  single  big¬ 
gest  problem  we  had,”  he 
says.  The  bank  did  have 
a  few  phones  that  used 
Sprint  Nextel  Corp.’s  iDen 
push-to-talk  technology, 
and  they  did  work,  so  the 
number  of  those  devices 
was  upped  to  250  after  the 
storm.  But  the  bank  plans 


Since  Katrina  wreaked  havoc 
on  its  telecommunications 
system,  this  insurance  firm 
now  reroutes  toll-free  numbers 
oil  its  own.  if  STACY COLLETT  ' 


to  eventually  replace  them 
with  phones  that  use  mo¬ 
bile  broadband  technology. 

The  bank  also  signed  on 
with  the  U.S.  Department 
of  Homeland  Security’s 
National  Communications 
System.  NCS  programs  al¬ 
low  companies  providing 
critical  infrastructures  to 
get  priority  on  land-line 
and  wireless  phone  calls 
during  a  disaster  and  on 
getting  critical  lines  fixed. 

Hancock  Bank  also 
keeps  a  database  of  em¬ 
ployee  contact  information 
and  has  deployed  an  alert 
system  that  can  push  mes¬ 
sages  out  to  phones  and 
e-mail  accounts.  Alterna¬ 
tively,  employees  can  call 
a  toll-free  number  to  hear 
updates  during  a  disaster. 

But  the  best  technolo¬ 
gies  and  procedures  won’t 
work  if  staffers  lack  cloth¬ 
ing,  food  and  shelter,  says 
Loper.  “We  had  leadership, 
but  they  were  running  the 
business,”  he  says.  Mean¬ 
while,  many  employees 
were  arriving  at  work  with 
only  the  clothes  on  their 
backs.  So  the  bank  identi¬ 
fied  an  emergency  logisti¬ 
cal  coordinator  at  every 
location. 

“You  want  the  company 
taking  care  of  the  basic 
needs  so  that  your  associ¬ 
ates  are  focused  on  getting 
the  business  back  up  and 
running,”  Loper  says. 

“We  are  many  levels 
above  where  we  were,” 
Loper  says,  but  he  also 
expects  that  when  the  next 
disaster  strikes,  the  bank 
will  still  face  problems 
no  one  had  anticipated. 
“Once  the  core  things  get 
resolved,  there  are  thou¬ 
sands  of  fires  that  have  to 
be  stamped  out  every  day,” 
he  says.  But,  Loper  adds, 
he’d  much  rather  be  stamp¬ 
ing  out  the  little  fires  than 
fighting  the  big  ones.  ■ 


avid  Richard,  vice  presi¬ 
dent  of  IT,  was  pleased 
with  his  team’s  recov¬ 
ery  response  after  Hurricane 
Katrina  ravaged  F.A.  Richard 
&  Associates  Inc.  (FARA)  in 
Mandeville,  La.  The  August 
2005  disaster  displaced  500 
workers  and  uprooted  opera¬ 
tions  to  Baton  Rouge  -  about 
70  miles  west. 

Uninterrupted  business  oper¬ 
ations  are  very  important  to  this 
insurance  services  firm,  and 
employees  were  able  to  access 
critical  applications  through  the 
Internet.  FARA’s  main  systems 
were  up  and  running  from  Ba¬ 
ton  Rouge  in  one  day. 

Yet  communication  proved 
to  be  the  bigger  challenge. 

Cell  phones  wouldn’t  work, 
partly  because  they  all  had  the 
same  area  code.  “Our  original 
plan  didn’t  anticipate  that,” 
Richard  explains.  Luckily,  the 
company’s  toll-free  number 
stayed  up,  but  the  business’s 
e-mail  service  had  gone  down. 
“The  server  was  working,  but 
we  had  dual  ISPs  and  lost  both 
of  them,”  Richard  says. 

So  after  Katrina,  FARA  ar¬ 
ranged  to  take  control  of  its 
communications  in  emergen¬ 
cies.  “Under  extreme  circum¬ 
stances,  we  just  can’t  assume 
[phone  and  Internet  service 
providers]  were  going  to  be 
there  and  get  to  it  right  away,” 
Richard  notes.  “Where  would 
we  stand  in  the  line?” 

So  the  company  bought  a  sec¬ 
ond  server  for  its  data  center 
in  addition  to  the  main  server 
in  its  corporate  office.  Now, 


FARA  can  make  DNS  changes 
to  redirect  SMTP-type  traffic  to 
the  second  server.  “E-mail  is  a 
mission-critical  application  for 
us,”  says  Richard. 

FARA  also  arranged  to  handle 
the  rerouting  of  its  toll-free 
phone  services  on  its  own 
during  emergencies.  “Prior 
to  Katrina,  we  called  upon 
our  vendors  to  make  routing 
changes  to  our  800-number 
services,  our  toll-free  inbound,” 
Richard  explains.  “Since  Ka¬ 
trina,  we  wanted  more  control. 
So  if  a  vendor  didn’t  answer  the 
phone,  we  still  wanted  to  make 
those  changes.”  FARA’s  long¬ 
distance  carrier  set  up  a  Web- 
based  system  that  it  can  use  to 
redirect  its  own  toll-free  lines. 

The  team  has  also  signed  up 
with  various  cell  phone  provid¬ 
ers  using  multiple  area  codes. 

Communication  with  cus¬ 
tomers  who  receive  benefits 
payments  also  had  to  be  recon¬ 
sidered.  FARA  prints  and  mails 
compensation  benefits  checks 
to  thousands  of  injured  work¬ 
ers.  Richard  hadn’t  anticipated 
that  postal  service  would  stop 
for  weeks  following  Katrina. 

“We  had  to  figure  out  how  to 
find  these  people  and  get  their 
money  to  them,”  Richard  says. 
The  company  turned  to  Western 
Union  and  wired  money  to  cus¬ 
tomers  using  code  numbers  to 
verify  their  identities. 

Today,  FARA  offers  Auto¬ 
mated  Clearing  House  direct- 
deposit  service  to  people  with 
bank  accounts. 

As  the  disaster  unfolded 

Continued  on  page  30 


MARCH  31,  2008  C0MPUTERW0RLQ  21 


%  Jgj  ^Pj  § 

■/''  *  -;/o-  -  vi/i' 


■  ':■!■  :,■  <  fi zty 


ifj« 


ililllilfiR 


IBM,  the  IBM  logo,  Tivc>ii  and  Take  Back  Control  are  trademar  ks  or  registered  trademarks  of  International  Business 
Machines  Corporation  in  the  United  Stales  and/or  other  countries.  @2008  IBM  Corporation.  All  rights  reserved. 


ssa 


5£; 

i  ^ 


£ :0¥SM 


' 

s\WM 


IMas 


mmm 


.INFRASTRUCTURE  LOG 

_DAY  94:  We  don’t  have  the  insights  to  maintain  our  IT  service- 
level  agreements!  We  can’t  deliver  against  our  objectives!  How 
are  we  supposed  to  do  our  jobs  in  the  dark? 

_Gil  rented  a  giant  searchlight  to  give  us  a  little  “visibility.” 
He’s  also  temporarily  blinded  all  the  administrators. 

_DAY  96:  I  found  a  better  way.  Hardware,  software  and  services 
from  IBM  Service  Management  give  us  the  integrated  visibility, 
control  and  automation  we  need — like  dashboards  that  give  us 
insights  to  manage  against  business  objectives.  We  can  improve 
governance  and  minimize  risks.  And  we  can  keep  tabs  on  the 
status  and  health  of  our  services  at  each  stage  of  their 
lifecycle  while  tracking  our  SLAs  in  real  time. 

_Now  if  we  could  just  get  our  vision  plan  to  cover  “rampant  idiocy.” 


Take  the  IT  Service  Management  assessment  at: 

IBM.COM/TAKEBACKCONTROL/VISIBLE 


■  SPOTLIGHT  I  STORAGE 


Continued  from  page  27 

over  weeks  and  months, 
the  mass  exodus  from  New 
Orleans  to  cities  like  Baton 
Rouge  and  Houston  created 
traffic  and  housing  prob¬ 
lems.  So  FARA  executives 
decided  to  look  northward. 

“Nashville  had  the  most 
hotel  rooms  available  and 
[was]  the  least-talked-about 
destination  for  our  local 
evacuee  population,”  says 
Richard.  “Going  forward, 
we’ve  expanded  our  Nash¬ 
ville  office  to  accommodate 
essential  teams.  Everyone 
knows  that’s  where  you 
should  go.” 

Some  IT  staffers  will  still 
travel  to  the  Baton  Rouge 
data  center,  but  Nashville 
will  accommodate  the  most 
employees  and  their  fami¬ 
lies.  “We’ve  identified  vets, 
kennels,  everything,  as  well 
as  different  routes  to  get 
there  by  car,”  Richard  says. 

FARA  also  purchased  a 
mobile  response  unit  for  its 
property  claims  manage¬ 
ment  services  operation. 

The  air-conditioned  vehicle 
sports  a  satellite  dish  and 
supports  VoIP,  fax  and  Inter¬ 
net  connectivity.  It  also  has 
an  office  with  a  kitchen. 

“It’s  ready  to  hit  the  road 
and  go  into  affected  areas 
and  provide  specific  insur¬ 
ance  services,”  Richard 
says. 

With  remote  access  to 
Web  applications,  communi¬ 
cations  control  and  efficient 
disaster-recovery  centers  in 
place,  Richard  says  FARA  is 
ready  for  any  disaster. 

“Our  industry  is  talking 
about  pandemics  -  how 
would  we  deal  with  not  just 
natural  disasters,  but  these 
other  types  of  disasters,” 
Richard  says,  “if  we  have 
control,  we  could  do  this 
ourselves.”  ■ 

Collett  is  a  Computerworld 
contributing  writer.  Contact 
her  at  Stcollett@aol.com. 


1  Tulane  University 

Following  Katrina,  the  university’s 
top  priority  was  getting  its  people 
paid  Now  its  payroll  system  is 
safer  than  ever.  ARY  ANT 


The  good  news 
was  that  Tulane 
University’s  IT 
disaster  plan 
specified  how 
to  prepare  for  a  hurricane. 
The  bad  news  was  that  it 
didn’t  say  how  to  recover 
from  one. 

“We  had  a  plan  that  said 
when  there  was  an  impend¬ 
ing  storm,  how  we’d  shut 
things  down,  how  we’d  do 
the  backups  and  how  we’d 
protect  the  equipment  — 
and  all  that  worked  fine,” 
says  CIO  Paul  Barron,  dis¬ 
cussing  how  Tulane  girded 
for  Hurricane  Katrina.  “But 
we  hadn’t  thought  through 
what  we’d  do  if  the  disaster 
actually  occurred.” 

But  Barron  and  his  IT 
cohorts  have  thought  about 
that  a  good  deal  since  the 
deadliest  and  costliest 
hurricane  in  U.S.  history 
slammed  into  New  Orleans 
on  Aug.  29, 2005.  They  have 
sharpened  the  preparedness 
part  of  the  plan,  laid  out  in 
detail  how  to  recover  from 
a  storm  and  extended  the 
plan  to  cover  other  kinds  of 
disasters  besides  hurricanes. 

After  Katrina,  backup 
tapes  prepared  before  the 
storm  were  recovered  intact, 
but  the  power  was  out  in 
the  data  center  and  nobody 
knew  where  to  send  the 
tapes  for  processing.  No 
backup  site  had  been  pre¬ 
arranged.  Fortunately,  Sun- 
Gard  Availability  Services 

&  Tulane’s  Reily  Student  Recre¬ 
ation  Center  served  as  a  shelter 
for  the  emergency  team  during 
Hurricane  Katrina. 


was  able  to  offer  some  spare 
computer  capacity  in  Phila¬ 
delphia,  even  though  Tulane 
didn’t  have  a  contract  with 
the  unit  of  SunGard  Data 
Systems  Inc.  After  consider¬ 
able  debate,  the  tapes  were 
sent  there. 

Getting  payroll  up  and 
running  again  was  the  uni¬ 
versity  president’s  top  pri¬ 
ority.  “That  would  make  a 
statement  that  we  were  still 
here  and  that  the  university 
was  still  functioning,”  says 
Barron.  “Plus  a  lot  of  people 
needed  the  money.”  Tulane 
missed  its  Aug.  31  payroll,  but 
after  a  valiant  effort,  it  was 
processed  in  Philadelphia, 
just  four  days  late,  he  says. 

The  next  time  disaster 
hits,  there  are  not  likely  to 
be  any  missed  payrolls,  says 
Barron,  who  was  appointed 
CIO  in  October  2005.  Tulane 
now  has  a  rapid-recovery 
contract  with  SunGard  that 
guarantees  capacity  when 
needed  in  an  emergency. 
The  contract  also  provides 
for  delivery  of  a  mobile  data 


center  that  could  be  used 
for  local  processing.  And 
instead  of  moving  backup 
tapes  to  a  site  in  New  Or¬ 
leans  once  a  week,  tapes 
now  go  to  Baton  Rouge  three 
times  a  week. 

Leo  Tran,  Tulane’s  infor¬ 
mation  security  officer  and 
the  chief  architect  of  the 
new  recovery  plan,  says  IT 
now  has  a  detailed  “direc¬ 
tory  of  critical  resources” 

—  hardware,  software  and 
people.  The  inventory  can 
be  used  as  a  checklist  before 
and  after  a  storm  to  ensure 
that  nothing  is  forgotten, 
he  says.  In  addition  to  the 
more  frequent  tape  backups, 
he  says,  every  person  in  IT 
now  has  a  USB  key  to  which 
they  can  back  up  their  own 
critical  information  so  they 
can  take  it  with  them  when 
a  disaster  threatens. 

Coming  up  with  better 
disaster  preparedness  and 
recovery  plans  was  mostly  a 
matter  of  hard  work  and  at¬ 
tention  to  detail,  Tran  says. 

Barron  says  no  matter 
how  well  thought  out  a  plan 
is,  it  should  never  be  consid¬ 
ered  the  final  word. 

“Every  year  now,  in  July, 
at  the  start  of  hurricane  sea¬ 
son,  we  sit  down  with  the 
plan  and  see  what  we  need 
to  change,”  Barron  says. 

“We  go  through  all  the  sce¬ 
narios  again.”  ■ 


:| 


30  COMPUTERWORLD  MARCH  31,  2008 


TULANE  UNIVERSITY 


Estes  express 
Lines  Inc.  faced 
a  host  of  woes 
when  four  feet 
of  water  poured 
into  its  first-floor  data  center 
during  the  summer  of  2004. 
That  was  when  Hurricane 
Gaston  moved  off  the  Atlan¬ 
tic  Ocean  and  plunged  in¬ 
land  to  sock  Richmond,  Va. 
The  storm  stalled  over  the 
city  for  hours  and  caused 
unprecedented  damage. 

Estes’  headquarters  were 
hit  especially  hard  in  a 
disaster  that  escalated  rap¬ 
idly.  Windows  shattered,  a 
major  generator  exploded, 
and  company  executives 
watched  helplessly  as  185 
terminals  used  to  direct  the 
operations  of  more  than 
20,000  tractor-trailers  just 
died.  All  told,  the  storm  left 
Estes  with  $16  million  in 
hardware  losses. 

Since  then,  IT  executives 
at  the  Richmond-based 
trucking  giant  have  hustled 
to  make  sure  the  company 
is  far  better  prepared  should 
a  disaster  of  any  kind  strike 
again.  “We  are  not  distin¬ 
guishing  between  different 
types  of  disasters  we  might 
have  to  endure.  We  are  con¬ 
centrating  on  how  we  would 
run  operations,  regardless 
of  what  might  happen  to  our 
facilities  in  Richmond,”  says 
Dick  Cosby,  systems  admin¬ 
istrator  in  Estes’  electronic 
data  processing  services 
department. 

Estes  executives  realized 
that  in  its  effort  to  guard 
against  potential  damages, 
the  company  should  charge 


forth  on  several  fronts  and 
blend  both  new  and  tradi¬ 
tional  storage  technologies. 

For  instance,  Estes  pieced 
together  a  new  infrastruc¬ 
ture,  complete  with  soft¬ 
ware  that  allows  data  to  be 
whisked  off-site  immediate¬ 
ly.  The  new  architecture  is 
built  around  IBM  System  i 
platforms  and  wraps  in  the 
vendor’s  System  Storage 
DS8100  disk  systems  and 
TotalStorage  Enterprise 
Storage  Servers.  Associated 
software  includes  Flash- 
Copy  and  the  Backup  Re¬ 
covery  and  Media  Services 
application,  also  from  IBM. 

In  settling  on  the  compo¬ 
nents  that  would  support 
Estes’  new  storage  and 
business  continuity  plans, 
company  officials  decided 


»  Hurricane  Gaston  poured 
four  feet  of  water  into  Estes’ 
data  center  in  2004. 


without  hesitation  to  mirror 
the  new  architecture  in  a 
hurricaneproof  backup  site 
in  Mesa,  Ariz. 

“If  we  lose  a  building  in 
Richmond,  users  can  now 
get  access  through  the  In¬ 
ternet  or  a  VPN  connection 
to  our  systems  in  Arizona,” 
says  Cosby. 

Along  with  these  mea¬ 
sures,  Estes  tightened  its 
resolve  to  use  traditional 
tape-based  backup,  both  to 
keep  disaster  recovery  costs 
down  and  to  serve  as  an 
alternative  if  all  else  should 
fail.  “You  are  out  of  your 
mind  if  you  think  you  can 
live  without  tape,”  Cosby 


says.  “It  makes  zero  sense  to 
put  up  an  all-SAN  solution 
with  data  de-duplication.  It 
is  very  expensive  and  not 
nearly  as  reliable.” 

Ongoing  dedication  to 
tape  backup  is  common 
among  large  corporations, 
says  John  Webster,  an 
analyst  at  Illuminata  Inc.  in 
Nashua,  N.H. 

“A  majority  of  large  busi¬ 
nesses  are  still  using  tape, 
but  whether  tape  is  a  growth 
opportunity  is  very  much 
up  for  discussion,”  he  says. 
“Tape  is  certainly  under  fire 
as  disk  solutions  continue 
to  excel.  Also,  there  is  now 
a  renewed  interest  in  opti- 


Hurricane  Gaston  soaked  its  sys¬ 
tems.  Now  the  trucking  company 
mirrors  its  data  in  sunny  and  dry 
Arizona.  BY  JENNIFER  McADAMS 


MARCH  31,  2008  C0MPUTERW0RLD  31 


■  SPOTLIGHT  STORAGE 


cal  solutions,  which  have 
improved  vastly  in  perfor¬ 
mance.” 

Yet  for  Cosby  and  other 
Estes  executives,  tape  pro¬ 
vides  a  level  of  comfort,  as 
does  the  knowledge  that 
the  company  has  made 
every  effort  to  insulate 
operations  from  future 
disasters.  Cosby  urges 
others  not  to  tempt  fate 
and  wait  for  a  crisis  be¬ 
fore  they  begin  thinking 
through  the  steps  it  would 
take  to  stay  afloat  during 
an  emergency. 

As  an  example,  he 
points  to  the  fact  that 
hardware  and  software 
damage  might  well  pale  in 
comparison  to  the  public 
relations  nightmare  and 
credibility  loss  that  could 
result  if  systems  remain 
debilitated  for  a  signifi¬ 
cant  length  of  time. 

“All  of  a  sudden,  we 
were  off  the  air,  and  it 
would  be  hours  before 
anyone  knew  anything 
about  what  had  happened 
to  us,”  he  says,  reflecting 
on  the  effects  of  Hurri¬ 
cane  Gaston.  “We  learned 
from  this  experience  that 
all  of  the  precautions  we 
have  now  put  in  place 
don’t  cost  nearly  as  much 
as  being  out  of  business 
for  a  week.” 

Based  on  that  experi¬ 
ence,  Cosby  further  ad¬ 
vises  others  to  act  as  if  the 
worst  may  transpire  today 
or  tomorrow. 

“You’ve  got  to  plan  for 
total  disaster,  and  then 
you’ve  got  to  test  it,”  he 
says.  “The  way  most  stor¬ 
age  products  work  these 
days,  there  is  the  ability 
to  test  main  applications 
anytime.  Make  sure  you 
do  that.” 

McAdams  is  a  freelance 
writer  in  Vienna,  Va. 
Contact  her  at  JMTech - 
Writer@aol.com. 


Pin-to-pin  and  texting  proved 
reliable  during  Katrina.  So  when 
Rita  hit,  employees  were  briefed 
and  ready. 


Marriott  International  Inc. 
has  found  itself  in  the 
middle  of  some  of  the 
world’s  worst  recent  disasters. 

It  had  dozens  of  properties  dam¬ 
aged  in  Hurricane  Katrina,  its 
World  Trade  Center  hotel  was 
destroyed  in  the  Sept.  11  attacks, 
and  its  hotel  in  Jakarta,  Indone¬ 
sia,  was  bombed  in  August  2003, 
to  name  a  few.  Even  recent  ac¬ 
cidents  have  affected  its  opera¬ 
tions.  For  example,  February’s 
undersea  cable  cut  in  the  Persian 
Gulf  disrupted  Internet  service 
to  Marriott  hotels  in  the  region. 

“We  have  been  tested  as  a 
company  in  nearly  every  natural 
and  manmade  event  that  you  can 
think  of  over  the  last  10  years,” 
says  Wendell  Fox,  senior  vice 
president  of  shared  services. 

Bethesda,  Md.-based  Marri¬ 
ott’s  crisis  response  teams  have 
learned  that  no  two  disasters 
are  exactly  alike  and  each  offers 
its  own  lessons.  But  with  the 
right  people,  processes  and  gov¬ 
ernance  in  place,  it’s  possible  to 
be  better  prepared  for  whatever 
the  next  disaster  might  be. 

Take  Hurricane  Katrina,  for 
example.  Though  Marriott’s  cri¬ 
sis  teams  were  prepared  for  the 
storm,  its  magnitude  and  the 
subsequent  isolation  of  the  af¬ 
fected  area  because  of  flooding 
surpassed  their  expectations. 

As  Katrina  rolled  northward 
through  the  Gulf  of  Mexico, 
crisis  teams  made  sure  that  all 
systems  were  backed  up  and 
that  all  generators  were  working 
properly.  They  took  a  detailed 
inventory  of  assets  on-site  for 
insurance  purposes  and  estab¬ 
lished  shutdown  procedures. 
But  not  even  those  precautions 
could  protect  the  hotels.  Some 


63  Marriott  properties  in  the 
region  were  flooded,  and  many 
faced  security  issues.  Network 
circuits  were  knocked  out,  and 
communication  was  difficult. 

The  disaster  highlighted 
some  crucial  recovery  steps. 

For  example,  Page  Petry 
found  that  when  assessing  a 
property’s  needs,  the  needs  of 
employees  personally  affected 
by  the  disaster  also  have  to  be 
considered.  “Have  the  right 
complement  of  associates 
coming  in  on  a  task  force”  from 
outside  the  region,  says  Petry, 
Marriott’s  senior  vice  president 
of  information  resources,  North 
American  lodging  field  services. 

PUT  TO  THE  TEST 

After  Katrina,  Marriott  created 
a  rapid-response  plan  to  pull 
together  people  with  a  cross- 
section  of  skills  from  various 
regions.  “Once  you  identify  the 
situation,  you  can  determine 
what  skills  you  need  and  then 
deploy,”  Petry  notes. 

And  make  sure  the  recovery 
teams  use  a  mix  of  cell  phones 
and  BlackBerry  devices  with 
service  from  different  carriers, 
she  advises. 

“Different  components  would 
fade  in  and  out  at  different 
times  as  the  city  came  back  on¬ 
line.  Our  challenge  was  to  get  a 
good  handle  on  what  technolo¬ 
gies  were  up,”  Petry  explains. 
BlackBerry  pin-to-pin  commu¬ 
nication  and  texting  proved  to 
be  the  most  reliable. 

Just  two  weeks  after  Katrina, 
that  lesson  was  put  into  prac¬ 
tice  when  Hurricane  Rita  struck 
the  region.  Employees  were 
quickly  educated  on  the  Black¬ 
Berry  features,  which  became 


part  of  the  disaster  recovery 
plan.  “So  it  was  that  immedi¬ 
ate  sense  of  turning  something 
around  and  putting  it  into  prac¬ 
tice,”  Petry  says. 

Indeed,  communication  is  an 
ongoing  challenge.  The  team 
recently  deployed  MessageOne 
Inc.’s  AlertFind  service,  which 
quickly  notifies  crisis  team 
members  via  phone  and  e-mail 
in  a  matter  of  minutes. 

“We  conduct  tests  quarterly 
and  can  consistently  contact 
90%  to  95%  of  members  in  a 
half-hour  time  frame,”  says  Al 
Sample,  senior  vice  president 
of  client  services  and  head  of 
the  information  resources  crisis 
team. 

Contact  with  key  vendors, 
particularly  telecommunica¬ 
tions  providers,  was  another 
component  of  recovery.  “Every¬ 
one  is  competing  for  their  re¬ 
sources,  and  you  want  to  have 
those  requests  in,”  Petry  says. 

Having  an  executive-level  cri¬ 
sis  team  leader  who  can  make 
quick  decisions  “on  the  spot 
and  with  the  right  input”  was  a 
key  success  factor  in  recover¬ 
ing  from  Katrina,  Sample  says. 

As  part  of  Marriott’s  formal 
governance  process,  the  crisis 
team  includes  representatives 
from  the  human  resources 
engineering,  medical,  legal 
and  operations  departments. 
The  leader  includes  only  those 
key  people  in  decision-making 
meetings  or  conference  calls, 
with  extra  input  as  needed. 

“[Say]  we  need  to  buy  supplies 
or  have  a  security  firm  go  in  and 
secure  a  hotel.  Most  of  those  are 
financial  decisions,”  so  having 
an  executive  who  can  make  that 
call  is  important,  Sample  adds. 

“Don’t  plan  for  discrete  sce¬ 
narios,”  Fox  advises.  “Have 
processes  that  can  respond  to 
any  event.” 

You  may  think  of  disaster 
recovery  in  terms  of  tornados, 
floods  or  earthquakes,  he 
warns,  but  your  next  disaster 
probably  “won’t  be  anything  on 
your  list.”  ■ 


32  COMPUTERWORLD  MARCH  31,  2008 


Ul-TBiUSfl  jjH 

The  Ultimate  Tape  Format, 


ENCRYPT  YOUR  DATA  WITH  THE  NEW  LTO  ULTRIUM  GENERATION  4  TECHNOLOGY. 

LTO  ULTRIUM  4  TECHNOLOGY  CAN  PROVIDE  TAPE  DRIVE  LEVEL  ENCRYPTION  TO  HELP  PROTECT 
YOUR  SENSITIVE  INFORMATION.  AND,  WITH  TAPE  CARTRIDGE  CAPACITIES  UP  TO  1.6  TB*  AND 
TAPE  DRIVE  SPEEDS  UP  TO  240MB*  PER  SECOND,  LTO-4  TECHNOLOGY  CAN  HELP  YOU  REDUCE 
STORAGE  COSTS  WHILE  ADDRESSING  DATA  SECURITY. 

HELPING  TO  REDUCE  STORAGE  COSTS  AND  PROTECT  DATA! 

For  more  information  about  LTO  Ultrium  4  Technology  visit:  www.trustlto.com 


SSI 


^  jfe# 

m  -  ' 


ASSUMES  2:1  COMPRESSED  DATA.  LINEAR. TAPE-OPEN,  THE  LTO  LOGO,  ULTRIUM,  AND  THE  ULTRIUM  LOGO  ARE  TRADEMARKS 
OF  HP,  IBM  AND  QUANTUM  IN  THE  US  AND  OTHER  COUNTRIES. 


■  SPOTLIGHT  STORAGE 


Cell  tower  damage  in  Katrina’s 
wake  left  many  people  discon¬ 
nected.  The  casino’s  plans  now 
call  for  a  specified  meeting  place 


«  The  Biloxi  Hard  Rock  suffered 
severe  damage  just  days  before 
its  grand  opening. 

John  Murphy,  vice  president 
and  CIO.  “It  was  quite  a 
weekend.” 

It  was  a  weekend  that  en¬ 
tailed  some  final  touches  on 
a  pristine  architecture,  but  it 
was  also  a  weekend  marked 
by  updates  to  the  company’s 
“hurricane  hotline”  and 
redoubled  efforts  to  make 
sure  sufficient  backup  tapes 
and  other  disaster  recovery 
provisions  were  on  hand, 
Murphy  says. 

“We  recovered  very 
quickly”  from  an  IT  perspec¬ 
tive,  says  Rob  Weir,  director 
of  technology.  “Within  two 
days,  we  had  critical  servers 
back  online  and  were  able  to 
process  payroll.” 

“If  a  similar  event  were 
to  happen  today,  we  would 
react  in  much  the  same 
way.  We  did  a  lot  of  things 
right,  but  some  things  we 
just  were  not  prepared  for,” 
says  Weir.  Among  other 
things,  the  Hard  Rock  staff¬ 
ers  didn’t  expect  the  storm 
to  cause  as  much  damage 
as  it  did  —  especially  to 
the  local  communications 
infrastructure.  “Cell  towers 
had  been  heavily  damaged, 
so  communicating  was  ac¬ 
complished  strictly  through 
text  messaging  and  only 
after  several  days  of  total 
outages,”  says  Weir. 

As  a  result,  the  Hard  Rock 
has  changed  its  plans  for 


the  main  server  room 
was  spared,  the  floor  was 
covered  with  six  inches  of 
standing  water. 

Looking  back  on  the  dev¬ 
astation  with  no  shortage 
of  “Katrina  fatigue,”  Hard 
Rock  executives  stand  by 
the  plan  that  kicked  into 
action  as  the  entire  area 
braced  for  the  hurricane. 
“When  we  received  word 
that  we  were  in  the  path  of 
the  storm,  we  immediately 
began  our  disaster  recovery 
preparations  while  continu¬ 
ing  to  make  arrangements  to 
open  in  a  few  days,”  recalls 


Hard  rock 
Hotel  &  Ca¬ 
sino  in  Biloxi, 
Miss.,  was  two 
days  shy  of  its 
grand  opening  when  compa¬ 
ny  executives  realized  that 
their  first  guest  would  be 
an  unwelcome  one.  Hurri¬ 
cane  Katrina  was  barreling 
toward  the  Gulf  Coast  town 
and  would  pound  the  casino 
before  the  doors  had  even 
opened  to  the  public. 

The  killer  storm,  which 
made  landfall  in  Louisiana 
and  Mississippi  on  Monday, 
Aug.  29, 2005,  caused 
$148  million  in  damage  to 
the  Hard  Rock.  Hit  hard 


were  the  entertainment  be¬ 
hemoth’s  brand-new  gaming 
facilities,  which  floated  fully 
exposed  on  a  pair  of  barges 
in  order  to  satisfy  offshore 
gambling  laws.  While  some 
IT  assets  bobbed  alongside 
banks  of  slot  machines  on 
the  barges,  the  main  server 
room  was  in  an  office  build¬ 
ing  on  land.  Yet  that  equip¬ 
ment  proved  just  as  vulner¬ 
able  in  the  face  of  a  30-foot 
storm  surge  that  caused  the 
Hard  Rock  to  suffer  a  huge 
loss. 

Equipment  located  in  the 
casino  structure  and  on  the 
first  two  floors  of  the  build¬ 
ing  was  lost.  And  although 


34  C0MPUTERW0RLD  MARCH  31,  2008 


deploying  personnel  if  it 
faces  another  disaster,  says 
Murphy.  “We  plan  to  have 
an  assessment  team  meet 
immediately  at  a  specified 
time  and  place  to  determine 
the  extent  of  the  damage 
and  the  best  course  of  ac¬ 
tion.  Additionally,  we  all 
carry  car  chargers  for  our 
cell  phones,”  he  says,  noting 
that  employees  faced  a  lack 
of  batteries  and  power. 

Preparing  for  the  next 
disaster  has  also  entailed 
setting  new  target  recovery 
times.  “Our  primary  goal  was 
to  reduce  backup  windows 
by  performing  disk-to-disk 
backups  followed  by  copies 
to  tape,”  says  Weir.  “We  now 
use  an  off-site  storage  facility 
that  picks  up  our  tapes  daily 
for  secure  storage. 

“In  making  these  changes, 
we  drastically  reduced  our 
backup  window  and  can 
now  back  up  approximately 


50  servers  with  over  2TB 
of  data  in  a  few  hours,”  he 
added.  That’s  a  vast  improve¬ 
ment  over  the  68  hours  it 
once  took  the  Hard  Rock  to 
complete  backups. 

The  Hard  Rock  achieved 
those  goals  with  the  help 
of  storage-area  networking 
software  from  EqualLogic 
Inc.,  which  was  recently 
acquired  by  Dell  Inc.  The 
company  now  uses  Equal- 
Logic’s  PS  Series  SAN  array, 
as  well  as  data  management 
software  from  CommVault 
Systems  Inc.  Those  systems 
host  applications  like  Oracle 
Corp.’s  PeopleSoft  financial 
software. 

“Our  disaster  recovery 
objectives  are  well  defined,” 
says  Murphy.  “Our  primary 
systems  that  must  be  recov¬ 
ered  include  financial,  pay¬ 
roll  and  human  resources. 
Recovery  times  for  these 
systems  are  critical.  If  we 


a  A  30-foot  storm  surge  left 
destruction  in  its  wake. 

were  to  have  a  complete 
loss,  we  now  anticipate  re¬ 
covery  times  to  be  in  the  10- 
to-12-day  range.  This  would 
include  the  time  it  would 
take  to  order  new  equip¬ 
ment  and  have  it  shipped.” 

Although  Katrina  prompt¬ 
ed  the  Hard  Rock  to  take  an 


even  deeper  look  at  disaster 
recovery,  Murphy  empha¬ 
sizes  the  company’s  deter¬ 
mination  to  look  forward. 

“Simply  put,  it  is  just  time 
to  move  on,”  he  says.  “How¬ 
ever,  it  is  important  that 
we  remember  the  lessons 
learned  during  the  storm,  so 
that  we  may  be  better  pre¬ 
pared  next  time.”  ■ 


Tougher  than  nails  for  maximum  throughput.  Add  an  i600  to  your  business,  and 
enjoy  legendary  durability,  powerful  performance,  high  image  quality  and  exceptional 
value—on  an  ongoing  basis  that's  reaily  ongoing.  Nail  down  new  productivity. 


©Kodak,  2008.  Kodak  is  a  trademark. 


Visit  kodak.com/go/tuff 


Your  disaster  recovery  plan  is 
worthless  if  your  people  aren’t 
clued  in  to  it.  Here  are  some  sure¬ 
fire  ways  to  make  everyone  listen. 

BY  THOMAS  HOFFMAN 


that  we  should  have  had 
these  discussions  previous¬ 
ly,”  says  Bereskin.  Now  they 
do;  Bereskin  says  he  coor¬ 
dinates  disaster  planning 
meetings  with  his  business 
peers  several  times  a  year. 

The  situation  at  ISTA 
highlights  the  types  of 
communication  problems 
that  often  exist  among  di¬ 
saster  recovery  managers, 
business  executives  and 
line  workers,  according  to 
disaster  recovery  experts. 
“The  people  side  of  disaster 
recovery  planning  is  often 


overlooked,”  says  John 
Linse,  director  of  business 
continuity  services  at  EMC 
Corp.  At  many  organiza¬ 
tions,  when  it  comes  to  com¬ 
municating  disaster  recov¬ 
ery  plans,  “there’s  almost 
this  ‘shoot,  ready,  aim’  kind 
of  approach,”  says  Linse. 

For  instance,  one  of 
EMC’s  Midwestern  custom¬ 
ers  didn’t  have  an  effective 
disaster  recovery  plan  in 
place  when  it  suffered  a 
power  outage  last  June,  so  a 
$7-an-hour  security  guard 
ended  up  being  the  one  who 


TOOL  TIME 

At  Austin  Energy,  CIO 
Andres  Carvallo  says  the 
purchase  of  a  disaster  re¬ 
covery  planning  tool  was  an 
essential  element  in  bring¬ 
ing  key  decision-makers 
together  to  craft  a  recovery 
plan  in  late  2003.  Using  the 
Living  Disaster  Recovery 
Planning  System  (LDRPS) 
from  Strohl  Systems  Group 
Inc.,  Carvallo  and  Austin 
Energy’s  disaster  recov¬ 
ery  manager  worked  with 
supervisor-level  business 
process  owners  to  identify 
which  processes  needed  to 
be  recovered  and  when. 

“As  you  go  through  this 
business  by  business,  you 
populate  the  software  with 
business  processes  and 
the  people  who  need  to  be 
involved  in  the  decision¬ 
making,”  says  Carvallo.  “In 
our  case,  1,600  people  are 
impacted  by  the  tool.” 

Although  LDRPS  is  only 
one  component  of  Carvallo’s 
effort  to  communicate  the 
disaster  recovery  plan  to 
his  fellow  Austin  Energy 
employees,  he  says  it  has 
played  a  big  role  in  helping 
the  utility  map  a  strategy 
and  get  the  message  to  reso¬ 
nate  with  its  staff. 

Since  Austin  Energy  deals 
with  power  outages  on  a 
regular  basis,  disaster  re¬ 
covery  is  already  embedded 


1  •  •  1 


Last  November, 
a  fire  broke  out  in 
one  of  the  build¬ 
ings  on  ISTA 
Pharmaceuticals 
Inc.’s  main  campus,  forc¬ 
ing  about  50  employees  to 
move  to  another  location 
on  the  property.  After  the 
building’s  sprinklers  kicked 
in,  the  entire  network  had 
to  be  shut  down  because  the 
water  threatened  the  equip¬ 
ment  carrying  the  compa¬ 
ny’s  inbound  data  traffic. 

Managers  and  employees 
at  the  Irvine,  Calif.-based 
ophthalmic  pharmaceutical 
company  handled  the  situ¬ 
ation  with  composure,  says 
IT  Director  Keith  Bereskin. 
The  company’s  network  and 
core  applications  were  back 
online  within  two  hours, 
and  only  10  of  the  affected 
employees  had  to  stay  away 
from  their  offices  for  more 
than  three  hours,  according 
to  Bereskin. 

Not  bad,  “considering  it 
wasn’t  something  we  for¬ 
mally  talked  about,”  he  says. 

ISTA’s  “mini-disaster” 
happened  to  coincide  with  a 
disaster  recovery  gap  analy¬ 
sis  being  conducted  at  the 
company.  In  that  analysis,  a 
consultant  discovered  that 
the  IT  department,  which 
oversees  disaster  recovery 
coordination,  and  the  busi¬ 
ness  divisions  needed  to 
communicate  more  effec¬ 
tively,  says  Bereskin. 

The  fire  and  the  sub¬ 
sequent  analysis  helped 
spur  ongoing  discussions 
between  Bereskin  and  his 
peers  in  various  business 
departments  to  determine 
what  their  expectations 
would  be  during  a  recovery. 
Among  other  things,  they’re 
working  to  identify  the  data 
they  would  need  right  away 
and  the  systems  and  pro¬ 
cesses  that  would  have  to  be 
restarted  immediately. 
“People  have  said  to  me 


made  the  decision  to  send 
home  the  1,300  affected 
employees.  The  outage 
lasted  two  days  and  cost 
the  company  $1.3  million 
in  business,  including  esti¬ 
mated  lost  revenue  for  or¬ 
ders  that  couldn’t  be  taken. 
Afterward,  EMC  helped  the 
company  craft  a  business 
continuity  plan  that  includ¬ 
ed  identifying  key  business 
processes  that  need  to  stay 
up  during  a  disaster  —  and 
which  people  are  respon¬ 
sible  for  them. 


36  C0MPUTERW0RLD  MARCH  31,  2008 


C  ISTOCKPHOTO.COM  /  LISE  GAGNE 


into  its  culture,  but  Carvallo 
says  that  prior  to  his  arrival 
at  the  utility  in  early  2003, 
business  continuity  “really 
wasn’t  understood  as  a  re¬ 
sponsibility  of  every  line  of 
business.  So  we  had  to  drive 
this  companywide.” 

LDRPS  has  helped  Carval¬ 
lo  achieve  that  goal  because 
it  can  track  the  percentage 
of  the  disaster  recovery 
process  that  each  manager 
is  responsible  for.  “It  helps 
drive  this  whole  notion  of 
accountability,”  he  says. 

FIELD  TRIP 

Carvallo’s  approach  to  en¬ 
gaging  the  decision-makers 
and  line  managers  ultimate¬ 
ly  responsible  for  executing 
key  business  processes  un¬ 
derscores  the  importance  of 
spreading  disaster  recovery 
planning  to  all  corners  of  an 
organization. 

One  way  to  get  the  word 
out  is  by  organizing  a  field 
trip.  Shortly  after  Vinny 
Licht  became  CIO  and 
took  over  disaster  recovery 
responsibilities  at  Tauck 
World  Discovery  five  years 
ago,  he  arranged  for  em¬ 
ployees  to  visit  the  Norwalk, 
Conn.-based  tour  operator’s 
disaster  recovery  site. 

The  turnout  and  response 
“was  huge,”  says  Licht. 
“[Employees]  know  we  have 
a  site  and  [that]  if  there’s  a 
disaster,  everyone  should  go 
there.” 

“To  have  a  really  effective 
plan,  you  have  to  wire  it  into 
the  DNA  of  the  organiza¬ 
tion,”  says  Rod  Masney, 
chairman  of  the  Americas’ 
SAP  Users’  Group  and  glob¬ 
al  director  of  IT  infrastruc¬ 
ture  services  at  Owens- 
Illinois  Inc.,  a  Perrysburg, 
Ohio-based  glass  container 
manufacturer. 

Five  years  ago,  when  he 
was  employed  at  a  different 
company,  Masney  worked 
with  business  leaders  to 


craft  a  disaster  recovery 
plan  that  included  creating 
recovery  procedures  for 
each  business  unit. 

To  engage  some  of  the  se¬ 
nior  business  managers  who 
were  “less  passionate”  about 
disaster  recovery  planning, 
Masney  and  other  business 
leaders  drew  them  into 
practice  drills  “so  that  they 
could  see,  hear  and  under¬ 
stand  our  objectives  for  key 
functional  areas,”  he  says. 
Involving  stragglers  in  the 
practice  tests  helped  con¬ 
vince  them  of  the  need  to 
document  and  test  disaster 
recovery  procedures  within 
their  areas  of  responsibility, 
says  Masney. 

To  help  make  it  easier  for 
slow-to-respond  managers 


to  develop  business  continu¬ 
ity  plans  for  their  depart¬ 
ments,  Masney  and  other 
members  of  the  disaster  re¬ 
covery  planning  group  pro¬ 
vided  them  with  business 
continuity  software  tem¬ 
plates  that  other  business 
units  had  already  developed. 
The  templates  included 
a  guide  to  help  managers 
identify  which  people  in 
their  organizations  should 
respond  to  help  get  opera¬ 
tions  up  and  running  again. 

Most  of  the  dawdlers  “got 
on  board  very  quickly,”  says 
Masney.  But  that  response 
wasn’t  universal. 

“We  had  one  functional 
area  where  we  had  trouble 
getting  those  folks  on 
board,”  he  says.  “They  didn’t 


really  understand  what  we 
were  trying  to  do.  Perhaps 
we  weren’t  providing  the 
right  type  of  education  to 
them.” 

BATTLING  INERTIA 

Some  of  the  managerial  and 
employee  resistance  to  di¬ 
saster  recovery  planning  can 
be  chalked  up  to  the  fact  that 
business  people  face  other 
day-to-day  demands  that 
often  carry  a  stronger  sense 
of  immediacy,  says  Jim 
Michael,  treasurer  of  Share, 
an  IBM  users  group. 

“Business  continuity 
planning  is  like  life  insur¬ 
ance:  It’s  not  sexy,  and  no¬ 
body  wants  to  talk  about  it 
until  it  happens,”  says  Larry 
Bonfante,  CIO  at  the  U.S. 
Tennis  Association  in  White 
Plains,  N.Y. 

An  effective  way  of  com¬ 
municating  a  disaster  recov¬ 
ery  plan  to  employees  is  to 
summarize  the  critical  busi¬ 
ness  processes  that  need  to 
continue  and  explain  how 
they’re  being  prioritized 
and  why,  says  Michael,  who 
is  also  an  IT  manager  at  a 
California  state  university. 
“You  don’t  hand  them  a 
140-page  document  and  say, 
‘Go  figure  this  out.’  You’re 
respecting  the  fact  that  this 
is  a  complicated  process  and 
that  you’re  trying  to  make  it 
clear  to  them,”  he  says. 

Like  Carvallo,  Michael 
has  stressed  the  importance 
of  engaging  the  line  manag¬ 
ers  who  are  closest  to  the 
business  processes  being 
addressed. 

Says  Michael,  “The  plan  is 
only  going  to  be  as  effective 
as  [business  managers]  help 
the  plan  to  become.” 

Including  front-line  em¬ 
ployees  in  practice  drills  not 
only  ensures  that  the  plan 
works;  it  shows  people  what 
to  do.  “It’s  a  fire  drill,”  says 
Michael.  “I  know  what  to  do 
because  I’ve  practiced.” 


Calamity  Check 

Practice  doesn’t  guarantee  sue-  »  mission-critical  data  stored 
cess,  but  test  drills  certainly  help  *  at  a  location  away  from  your 
disaster  recovery  managers  and  t  primary  data  center  and  pull 
project  teams  to  identify  gaps  I  that  data  into  test  drills, 
and  areas  for  improvement  in  *  «  Practice  for  just 

their  organizations’  disaster  pre-  ®  one  type  of  event.  Disasters 
paredness.  Practitioners  offer  *  come  in  all  shapes  and  sizes, 
the  following  checklist  of  what  *  Practice  for  different  scenarios 
to  do  (and  what  not  to  do)  during  l  (for  example,  a  network  outage 
a  test  run.  I  or  a  pandemic)  to  help  employ- 

■  00:  Make  sure  that  key  *  ees  understand  the  impact  of 
decision-makers  and  rank-  ®  different  types  of  disasters  and 
and-file  employees  alike  *  what  their  roles  are  expected 
have  access  to  the  disaster  •  to  be. 
recovery  plan  or  a  cheat  l  »  Use  your  test  drill 

sheet,  even  if  it’s  a  simple  set  *  to  figure  out  your  communi- 

of  instructions  they  can  keep  in  *  cation  plan.  Testing  communi- 

their  purses  or  wallets.  *  cation  should  be  a  key  part  of 

a  DO:  Before  the  drill  *  your  drill.  Disaster  recovery  team 

starts,  identify  a  single  I  members  should  have  Black- 

leader  to  communicate  to  em-  t  Berry  and  cell  phone  contact  in- 

ployees  what  needs  to  be  done.  *  formation  for  key  personnel,  and 

ii  DO:  Establish  clear  *  they  should  keep  that  informa- 

objectives  for  the  exercise.  *  tion  both  at  work  and  at  home. 

Understand  what  is  meant  ®  *  Play  the  test  drill 

by  success.  If  systems  aren’t  as  a  low-key  event.  Even 
recovered  in  time  or  you  fail  l  though  it’s  only  a  drill,  behave  as 

some  other  aspect  of  the  test,  ®  though  it’s  a  real  crisis.  Practice 

it’s  not  a  failure  as  long  as  your  *  the  way  you  want  it  to  play  out 

organization  learns  from  it.  in  real  life. 

m  DO:  Make  sure  you  have  ®  -  THOMAS  HOFFMAN 


MARCH  31,  2008  C0MPUTERW0RL0  37 


Emergency  Situation 


W 


HEN  DISASTER  STRIKES  a  community, 
first  responders  race  to  the  scene.  But  where 
does  everyone  else  affected  by  the  event  go? 
To  the  hospital. 


Whether  it’s  a  hurricane, 
a  fire,  a  flood,  a  factory  ex¬ 
plosion,  a  108-car  pileup  on 
Highway  99  in  California 
or  a  20-car  crash  on 
1-94  in  Indiana,  hospitals 
are  where  people  congre¬ 
gate.  That’s  where  the  ex¬ 
tent  of  the  human  damage 
is  ultimately  calculated 
and  communicated  to  the 
world  at  large. 

Hospitals  are  the  hub 
for  a  community  reeling 
from  a  catastrophe.  They 
are  where  individuals  seek 
answers  to  questions  about 
those  who  survived  and 
those  who  did  not.  People 
expect  doctors,  nurses, 
technicians  and  other 
staffers  to  be  on  duty  and 
ready  to  heal  and  comfort 
those  affected. 

Medical  authorities  un¬ 
derstand  this.  That’s  why 
the  American  Hospital  As¬ 
sociation  requires  its  nearly 
6,000  member  hospitals 
to  have  disaster  prepared¬ 
ness  committees  that  are 
responsible  for  planning 
how  they  will  respond  to 
large-scale  emergencies. 
It’s  essential  that  those 
plans  include  an  effective 
communication  structure. 

Hospitals  are  definitely 
on  the  right  track,  but  I’m 
concerned  that  their  well- 
laid  plans  could  get  derailed. 


In  the  past,  many  hospi¬ 
tals  relied  on  phone  trees 
to  get  people  where  they 
needed  to  be.  You  know, 
Mary  calls  John  and  Sue. 
They  call  Bill  and  Trudy 
and  Donna  and  Linda.  And 
so  on.  Sometimes  radio 
and  TV  stations  broadcast 
calls  for  emergency  per¬ 
sonnel  to  get  to  the  hospi¬ 
tal  as  quickly  as  possible. 

In  a  pinch,  those  options 
are  better  than  nothing. 

But  hospitals  have  recog¬ 
nized  that  phone  trees  and 
media  pleas  have  limita¬ 
tions.  And  the  AHA  thinks 
a  more  comprehensive  and 
manageable  approach  to 
emergency  communica¬ 
tion  is  necessary  and  —  in 
an  era  of  instant  digital 
communications  technol¬ 
ogy  —  possible.  Therefore, 
the  organization’s  for- 
profit  subsidiary,  Ameri¬ 
can  Hospital  Association 
Solutions  Inc.,  last  year 
embarked  on  a  review  of  75 


9 iWe  are  becoming 
'  wholly  dependent 
upon  the  wonders  of 
the  Internet,  yet  an 
errant  boat  anchor 
can  disrupt  internet 
communications. 


companies  that  offer  some 
form  of  emergency  com¬ 
munications  systems. 

Mary  Longe,  director  of 
patient  flow  solutions  at 
Chicago-based  AHA  Solu¬ 
tions,  worked  with  con¬ 
sultants  at  Ernst  &  Young 
to  analyze  those  vendors’ 
products  and  services  and 
eventually  decided  to  rec¬ 
ommend  that  hospitals  use 
an  offering  from  National 
Notification  Network  LLC, 
which  does  business  as  3n. 

Glendale,  Calif. -based  3n 
has  a  software-as-a-service 
system  that’s  designed  to 
reach  people  instantly  in 
multiple  ways.  If  you’re, 
say,  a  perfusionist  (a 
specialist  who  runs  the 
heart-lung  machine  during 
cardiac  surgery)  and  you 
aren’t  answering  your  land 
line,  the  system  will  track 
you  down  over  your  cell 
phone,  pager,  BlackBerry 
or  whatever  method  is  list¬ 
ed  in  your  profile.  If  you 
happen  to  be  scuba  diving, 
it’ll  track  down  the  next 
perfusionist  on  the  list.  At 
the  same  time,  the  system 
will  be  contacting  doctors, 
nurses  and  anyone  else 
needed.  As  Longe  points 
out,  the  system  will  even 
know  if  the  hospital  needs 
additional  nonmedicai 
personnel  in  a  crunch  for 


vital  tasks  such  as  getting 
nonambulatory  patients 
up  and  down  stairwells. 

3n’s  system  has  links  to  all 
kinds  of  hospital  data,  so 
it  will  know,  for  example, 
which  floors  have  beds 
available.  And  it’s  designed 
to  escalate  the  communi¬ 
cations  process  to  include 
nearby  hospitals  when  one 
facility  is  overwhelmed. 

Longe  likes  the  fact  that 
3n  has  an  “active/active” 
pair  of  data  centers  —  one 
in  California,  the  other 
in  Colorado  —  that  use 
Oracle  Streams  technol¬ 
ogy  with  15-millisecond 
bidirectional  updates.  That 
setup  ensures  that  the 
system  will  be  available  as 
long  as  the  Internet  has  a 
heartbeat. 

That  brings  me  to  my 
one  and  only  concern.  As 
a  nation,  we  are  becom¬ 
ing  wholly  dependent 
upon  the  wonders  of  the 
Internet.  Yet  an  errant 
boat  anchor  was  able  to 
disrupt  Internet  commu¬ 
nications  in  Africa  and 
Asia  earlier  this  year.  And 
as  Computer  world’s  Gary 
Anthes  revealed  in  these 
pages  in  January,  ISPs 
haven’t  implemented  best 
practices  to  defend  against 
a  concerted  online  attack. 
As  never  before,  the  con¬ 
dition  of  the  Internet  is 
critical  to  the  health  of  the 
U.S.  But  unfortunately,  our 
plans  to  keep  it  healthy  are 
woeful  at  best.  ■ 

Mark  Hall  is  a  Computer- 
world  editor  at  large.  Con¬ 
tact  him  at  mark_hall@ 
computerworld.com. 


38  COMPUTERWORLD  MARCH  31,  2008 


m  fml  Wm  j  l^pl  mmm  v°  ?  i  w£RI  \  H  *  Jggyip  ^  /  I  "Vse  sH  ? 

, 

WlmflAi^  h, ) j  111J  G  ',s  J  *"  •*  '*4  IMP 

Now's  the  time  for  virtual  storage. 
Visit  hp.com/go/virfualstorage6 

©2008  Hewlett-Packard  Development  Company,  L.P.  The  information  contained  herein  is  subject  to  change  without  notice.  ’Source:  Edison  Group 


ALTERNATIVE  THINKING  ABOUT  STORAGE: 


I 


Self-optimizing  storage  is  more  powerful  and  cost-effective.  So  the  new 
HP  StorageWorks  4400  Enterprise  Virtual  Array  unifies  viewing  and  access 
of  up  to  96TB  of  storage  through  data  pooling  and  automatic  capacity 
allocation,  to  dramatically  simplify  managing  storage.  Bringing  storage 
together  saves  times  and  money.  Technology  for  better  business  outcomes. 


Up  to  96TB  virtual  storage  capacity. 

Enterprise-class  performance 
Over  30%  better  capacity  utilization 
Up  to  75%  less  time  needed  to 
configure  and  manage* 

Easy  application  integration 


A  Certification 
For  Networking 
‘Chefs’ 


MORE  CERT  NEWS 

Also  new  among  certifications 

is  the  RFID  Pro  certifica¬ 
tion  from  Academia  RFID. 


1 


■  Q&A 

Andrea  R. 
Nierenberg 

The  president  of 

The  Nierenberg  Group  Inc.,  a 

business  consultancy,  discusses 
working  with  difficult  people. 


Most  people  seem  to  deal  with 
the  people  who  make  their 
lives  difficult  at  work  in  one 
of  two  ways:  ignore  them  and 
hope  they  go  away,  or  go  over 
their  heads  and  complain  to  a 
boss.  Do  you  see  a  third  way? 
Ignoring  people  or  going  over 
their  heads  only  leads  to  conflict 
-  the  opposite  of  what  you  want 
to  achieve.  Negotiating  is  the  way 
to  truly  resolve  conflicts.  Instead 
of  taking  those  routes,  I’d  suggest 
that  you  take  a  deep  breath,  count 
to  10  and  remember  your  real  goal. 
Then  follow  these  steps: 

®  Ask  the  person  to  define  the 
problems  that  trigger  their  behav¬ 
ior,  from  their  point  of  view. 

«  Ask  open-ended  questions, 
take  notes,  and  periodically  sum 
up  what  the  person  is  saying. 
Those  things  telegraph  that  you’re 
taking  the  situation  seriously.  Arid 
really  listen  -  with  your  eyes  as 
well  as  your  ears,  paying  attention 
to  body  language  and  visual  cues. 
If  you  don’t  truly  listen,  the  words 
will  mean  nothing.  Make  sure  you 
have  a  poker  face  or  an  approach¬ 
able  expression  so  the  other  per¬ 


son  will  feel  comfortable  enough 
to  speak  freely.  Try  to  understand 
the  other  person’s  point  of  view  as 
fully  as  possible. 

h  Be  patient  and  ask  how  they 
would  handle  the  situation  if  your 
roles  were  reversed.  When  you 
both  have  looked  at  the  situa¬ 
tion  from  the  other  side,  it  will  be 
easier  to  find  a  way  to  resolve  the 
problem.  Work  together  toward 
a  solution;  dictating  a  resolution 
won’t  be  effective. 

Negotiating  with  people  I  don’t 
like  seems  iike  a  lot  of  effort. 
What’s  in  it  for  me?  Even 
though  you  may  not  like  the  per¬ 
son,  you  need  to  work  with  them. 

If  you  react  to  a  negative  situation 
by  acting  negatively,  you  are  letting 
the  negative  person  infect  you, 
which  only  pulls  you  down. 

And,  of  course,  every  situation 
presents  a  learning  opportunity. 
Take  the  time  to  ask,  What  can  I 
learn  from  this  person?  I  have  of¬ 
ten  said  that  we  learn  from  every¬ 
one  we  meet;  with  people  we  don’t 
like,  we  learn  what  not  to  do. 

-  JAMIE  ECKLE 


Cisco  Systems  Inc.,  which  is  known 
for  offering  a  range  of  network 
certifications,  later  this  year  plans  to 
offer  a  new  certification  for  the  most 
experienced  network  professionals. 

The  eight-hour  exam  is  for  net¬ 
working  professionals  interested  in 
being  identified  as  a  Cisco  Certi¬ 
fied  Design  Expert  (CCDE). 

The  certification,  which  will  be 
offered  late  this  year,  is  targeted  at 
very  senior-level  network  architects 
who  have  a  big-picture  view  of  the 
network  and  can  design  project  and 
integration  work  to  meet  organiza¬ 
tional  business  requirements,  says 
David  Bump,  portfolio  manager  for 
certifications  and  training  at  Cisco. 

Cisco’s  current  Cisco  Certified 
Internetwork  Expert  certification  “is 
for  very  experienced  cooks  in  the 
networking  pool.  The  CCDE  would 
be  the  chefs,”  says  Bump. 

To  meet  the  eligibility  requirements 
for  the  certification  exam,  network¬ 
ing  professionals  with  seven  or  more 
years  of  experience  must  first  take  a 
two-hour  qualification  exam,  which 
Cisco  began  offering  at  Pearson  Vue 


Visit  www.RFIDacademia.com 
for  more  information. 

And  (ISC)2  has  introduced 
an  online  self-assessment 
tool,  called  studlSCope,  for 
IT  professionals.  It  simulates 
the  CISSP  or  SSCP  exams, 
ottering  a  personalized  re¬ 
porting  system  with  learning- 
progress  indicators  that  offer 
insight  into  the  strengths  and 
weaknesses  of  a  candidate’s 
knowledge. 

The  tool  also  provides  a 
readiness  gauge  that  pin¬ 
points  a  candidate’s  under¬ 
standing  of  the  specific  areas 
covered  in  the  exam. 


testing  centers  on  Jan.  22  at  a  cost 
of  $300.  Cisco  hasn’t  set  a  price  yet 
for  the  CCDE  certification  exams, 
says  Bump. 

More  information  on  the  CCDE 
is  available  on  Cisco’s  Web  site. 
Follow  links  beginning  with  the 
Training  &  Events  tab  at  the  top  of 
the  Cisco.com  home  page. 

-  THOMAS  HOFFMAN 


CIOs  Going  Low-Tech 

Gartner  Inc.  recently  asked  the  largest  IT  recruiters  for  insight 

into  what  their  clients  want  and  why.  The  key  findings 

point  to  an  interest  in  hiring  CIOs  with  knowledge  ^ 

that’s  much  broader  than  what  can  be  gained  from 

working  in  IT:  m 

■  Senior  executives  will  not  require  their  next  CiOs  to  have  ^ 

engineering  or  computer  science  degrees.  A 

-  Q 

■  Senior  executives  want  their  next  CIOs  to  have  previously 

served  as  a  manager  of  a  non-IT  business  unit.  s 

■  Senior  executives  have  been  adding  non-IT-related  £ 

duties  to  the  IT  job  descriptions  of  their  existing  CIOs.  2: 


40  COMPUTERWORLD  MARCH  31,  2008 


Co-Branded 

EMAIL 

BLASTS 


of  professional  IT  job  seek¬ 
ers  with  Computerworld’s 
Co-Branded  Email  Blasts. 
This  unique  program  allows 
you  to  choose  your  criteria 
of  1 00%  opt-in  subscribers 
by  geography,  company 
size,  job  title  and  industry. 

Call  Laura  Wilkinson  at 
800-762-2977  for  details! 

COMPUTERWORLD 


Vee  Inc.  seeks  software  engi¬ 
neers,  analysts  or  DBA  to  cus¬ 
tomized  applications  using 
PeopleSoft,  Oracle,  Java, 
WebLogic,  C/C++,  VB,  etc.  Travel 
required.  Please  send  resumes  to 
13225  Northline  Rd,  Southfield, 
Ml  48195. 

Computer  Networking  Center 
seeks  DBA,  system  analyst,  S/W 
engineer  to  customize  applica¬ 
tions  using  skills  per  project 
requirements.  Must  have  MS  or 
BS  with  1-5yr  epx.  Travel 
required.  Send  resume  to 
info@ComputerNetworkingCenter.com 


Vice  President,  Computer 
Information  Systems.  Bachelors 
or  foreign  equiv  in  Comp  Sci  or 
Engg  &  2  yrs  exp  to  manage 
staff  &  review  prgms  using  PHP, 
VB,  SQL. Net  on  Unix  &  Win  plat¬ 
forms  in  multi  Iocs  Call  Ctr  Ops. 
Dsgn,  dvlp  &  configure  helpdesk 
s/ware  applies,  n/works,  servers, 
routers,  telecom  voice  &  data  IT 
infrastructures.  Train  &  supv 
worker.  Test  &  debug  prgms. 
Supv  10  computer  prof  Is.  Mail 
res  to  Jen  NY  Inc  dba  Farebuzz, 
213  W.  35th  St,  Ste  1201,  NY, 
NY  10001.  Job  loc:  NYC. 


Senior  Risk  Analyst,  NY,  NY. 
Apply  knowledge  of  object- 
oriented  programming,  princi¬ 
ples  of  statistical  analysis  to 
define  and  conduct  analyses  of 
risk  data;  perform  research  in 
developing  new  risk  models, 
evaluate  alternatives  and 
define  group  goals.  Master's 
Degree  or  foreign  equiv  in 
Eng'g  (any)  or  Comp  Sci  and  2 
yrs  exp  as  Junior 
Programmer  req'd.  Mail  CV  to 
OZ  Management  LP,  ref 
"cwwx"  Attn:  B.  Scanlon,  9 
West  57th  Street,  39th  FI.,  NY, 
NY  10019. 


Satyam  BPO,  a  leading 
outsourcing  solutions  and  ser¬ 
vices  company,  seeks  APQP 
Engineers;  Assistant  Engineers 
(manufacturing)  and;  Managing 
Engineers/Project  Managers. 
Technical  engineering  positions 
require  a  BS  or  equiv.  in  a 
relevant  engineering  field  and  at 
least  24  mo.  of  relevant  industry 
experience.  Project  manager 
positions  reauire  a  MS  degree  or 
equiv.  in  a  relevant  field  and 
relevant  industry  experience  (we 
will  consider  applicants  with  a  BS 
degree  and  significant  industry 
exp.  for  these  positions). 
Positions  are  based  out  of 
corporate  headquarters  and 
subject  to  long  term  relocation  to 
various  client  and  office  sites 
throughout  the  US.  Please  mail 
resumes  to:  Satyam  BPO, 
One  Gatehall  Drive,  Suite 
301,  Parsippany,  NJ  07054 
(please  specify  position  you  are 
applying  for). 


□ 


IT  Consultants  needed 
in  NJ,  VA,  IL,  KS  & 
other  unanticipated 
client  sites  as  Project 
Leads,  S/ware  Dvlprs 
&  Systems  Analysts. 
Mail  resume  to: 
Collabera,  25  Airport 
Rd,  Morristown,  NJ 
07960 


y - ; - \ 

Looking  for 

something  new? 

You’ve  come  to  the 
right  place! 


Check  back  with  us  weekly 
for  fresh  listings  placed  by  top 
companies  looking  for  skilled 
professionals  like  you! 

ucareers 


Saras  America  seeks  Systems 
Analyst,  Programmer,  Software 
Engineer,  DBA.  Job  duties/tools 
vary  depending  on  position  (SAP, 
Oracle,  Unix,  VB.Net,  J2EE, 
Java,  WebSphere/WebLogic,  C / 
C++,  etc).  MS  or  BS  with  1-5yrs 
exp.  Travel  maybe  required.  Send 
resume  to:  hr@SarasAmerica.com. 

KPK  Technologies  has  immediate 
openings  for  Analyst,  Software/ 
Project  Engineers  to  fill  various 
positions  to  customize  applica¬ 
tions,  database  system,  software 
using  Java,  DB2,  Oracle,  VB, 
Weblogic/Websphere  etc.  Good 
wages.  Travel  required.  Please  con¬ 
tact  lnfb@kpktech.com.  EOE. 


IT  careers 


Multiple  IT  Related  Positions 
(National  Placement  out  of 
Pittsburgh,  PA).  Analyze, 
design,  develop,  test,  adminis¬ 
ter,  customize  and  implement 
computer  software  applications. 
Candidates  may  qualify  for 
either  job  listed  below: 

A)  Software  Engineers: 
Bachelors  Degree  or  equivalent 
in  Computers,  Information 
Systems,  Engineering,  Electronics, 
Sciences  or  Mathematics  with  two 
years  related  experience  or  Masters 
Degree  with  at  least  six  months 
experience  in  relevant  technologies. 
Ref#  NET-701 

Must  have  experience  with 
.NET,  C++,  ASP,  Java,  J2EE, 
Websphere  and  Weblogic. 
Ref#  JAV-701 

Must  have  experience  with  Java, 
J2EE,  Oracle,  JSP,  EJB,  XML, 
Weblogic  and  Websphere. 
Ref#  EQA-701 

Must  have  experience  with 
Winrunner,  Loadrunner,  Rational 
Suite,  Test  Director  and  Clearquest. 

B)  Computer  Systems  Analysts: 
Bachelors  Degree  or  Equivalent 
in  Business  Administration, 
Management,  Accounting, 
Information  Systems,  Electronics, 
Sciences,  Engineering  or  Computers 
is  required  and  two  years  related 
experience  or  Masters  Degree 
with  six  months  related  experience. 
Ref#  SAP-701 

Must  have  experience  in  cus¬ 
tomizing,  implementing  SAP  R/3 
Applications  in  at  least  two 
(2)  of  the  following  modules 
Basis/Security  or  BW  or  FI/CO  or 
PS  or  CRM  or  HR  or  PP  or  MM, 
or  SD  or  Enterprise  Portal,  XI  or 
ABAP  or  Netweaver.  Must  be  able 
to  relocate  to  different  client  sites 
as  needed  nationwide.  9-5,  40 
hrs/wk.  Please  use  reference 
(Ref#)  when  applying  for  job  you 
are  interested  in  and  send 
resumes  to  Attn:  HR,  Velaga 
Associates,  inc.  1651  Royal  Oak 
Drive  Sewickley,  PA  15143  or  to 
va@velagainc.com. 
Velaga  Associates,  Inc.  is  an 
Equal  Opportunity  Employer 
M/F/V/D 


NEON  Enterprise  Software,  Inc. 
seeks  experienced  Senior 
Software  Developer  to  work  in 
Sugar  Land,  Texas  to  develop, 
create,  and  modify  mainframe 
software  products  using  IBM's 
High  Level  Assembler.  Mail 
resume  to  Cathy  Zapalac  at 
14100  SW  Frwy  #400,  Sugar 
Land,  TX  77478.  Put  Job  Code 
SSD-1-08  on  resume. 


MARCH  31,  2008  COMPUTFRWORL!) 


* 

1 


i 

i 

i 

* 

i 

! 

i 

l 

i 


TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY 


Certifiable 

Consultant  pilot  fish  is  visit¬ 
ing  a  potential  client,  and  on 
the  way  in  he  admires  the 
glass-walled  server  room.  It’s 
a  remnant  of  the  office’s  days 
as  the  home  of  a  dot-com,  just 
before  it  went  belly-up.  But 
fish  notices  something  odd: 
There’s  a  guy  sitting  in  there 
in  his  shirt  sleeves  among  all 
the  servers.  Out  of  curios¬ 
ity,  fish  knocks  on  the  door, 
and  is  greeted  by  a  sysadmin 
-  and  a  gust  of  hot  air,  plus 
the  sound  of  equipment  fans 
screaming  at  full  blast.  Did 
your  air  conditioning  fail?  fish 
asks.  “No,  it  was  kinda  cold, 
so  I  switched  it  off,”  sysadmin 
tells  him.  “I  wanted  an  office 
instead  of  the  cubicle  they 
gave  me  across  the  hall,  but 


management  wouldn’t  give 
me  one.  So  I  moved  myself  in 
here.”  Later,  fish  mentions  the 
heat  to  the  VP  of  IT.  “Oh,  so 
that’s  why  in  every  company 
we’ve  ever  visited,  their 
server  rooms  are  like  meat 
lockers,”  she  says.  “But  every 
time  I  brought  this  up  with  the 
system  administrator  who  sits 
in  there,  he  said  that  the  heat 
was  normal.  And  since  he  is 
MCSE-certified,  I  thought  he 
knew  what  he  was  talking 
about,  so  I  never  argued  the 
point  with  him.” 

Your  Problem:  Me 

Boss  to  IT  pilot  fish:  “You 
must  have  training  for  your 
job  this  year!”  Fish:  Cool, 
when  will  you  let  me  take  a 
training  class?  Boss:  “When¬ 


ever  there’s  free  time.”  Fish: 
But  because  of  the  work 
schedule,  there  is  no  free 
time.  The  training  class  you 
want  me  to  take  is  offered 
only  once  a  quarter.  And  the 
last  several  times  you  had 
me  sign  up  for  these  classes, 
you  made  me  cancel  because 
of  unforeseen  problems  and 
emergency  installations. 

Boss:  “That’s  not  my  problem. 
The  company  still  requires 
you  to  get  training  every 
year!” 

Simplicity  Itself 

IT  department  sends  an 
e-mail  blast  to  users:  From 
now  on,  everyone  will  use  a 
single  log-in  credential  for  all 
areas  of  the  network.  User 
pilot  fish’s  reaction:  “Yahoo! 
No  more  numerous  account 
credentials  to  keep  track 
of  for  various  subsystems 
within  the  domain!”  Better 
still,  someone  in  IT  has  re¬ 
ally  thought  this  through;  the 
single  sign-on  credential  is 
the  same  log-in  users  already 


know  for  their  e-mail  ac¬ 
counts.  Then  fish  discovers 
the  catch:  Turns  out  that 
before  a  user  can  get  to  the 
screen  to  use  his  single  log-in 
credentials,  he  first  has  to  go 
to  the  subsystem  he’s  plan¬ 
ning  to  use  and  log  in  with  his  ! 
old  subsystem  credentials. 

Then  he’ll  be  kicked  over  to 
the  universal  log-in  page. 

“Now  the  user  can  apply  the 
convenient  single  log-in  to 
get  into  the  targeted  system,”  \ 
grumbles  fish.  “Thanks  for 
simplifying  our  lives!” 

i 

■  Sharky’s  needs  are  simple: 

I  just  want  your  true  tale  of  IT 
life.  Send  it  to  me  at  sharky@ 
computerworld.com.  I’ll  send 
you  a  snazzy  Shark  shirt  if  I 
use  it. 

r™^™eoMPuS 

O  DO  YOU  LOVE  SHARK  TANK? 

Then  you  might  like  Shark  Bait.  ^ 

Dive  in  and  dish  the  dirt 

with  like-minded  IT  pros: 

sharkbait.computerworld.com. 

©  CHECK  OUT  Sharky’s  blog,  browse  the 
.  Sharkives  and  sign  up  for  Shark  Tank  home  . 

deliveryatcomputerworld.com/sharky. 


■  COMPANIES 
IN  THIS  ISSUE 

Page  number  refers  to  page  on  which 
story  begins.  Company  names  can  also 
be  searched  at  computerworld.com 


Academia  RFID . 40 

Accendor  Research  Inc . 21 

Altor  Networks  Inc . 18 

American  Cancer  Society . . . 14 

American  Hospital  Association . 38 

American  Hospital 

Association  Solutions  Inc . 38 

Americas'  SAP  Users'  Group . 37 

Austin  Energy . 36 

Automated  Clearing  House . 27 

Avlall  Services  Inc.'. . 10 

Baylor  Coliege  of  Medicine . 14 

BEA  Systems  Inc . 6 

Bosley  Medical  Group  Inc . 10 

BT  Group  PLC . 10 

Cables  Wireless  PLC  . 10 

Cellular  Telecommunications 

and  Internet  Association . . 6 

Cisco  Systems  Inc . 40 

Citrix  Systems  Inc . 18 

CommVault  Systems  Inc . . 35 

Compass  Bancshares  Inc . 8 

Con  Edison  Communications . 44 

Defense- Advanced  Research 

Projects  Agency . 6 

Dell  Inc . 35 

Duke  University . 14 

eBay  Inc . 19 

EMC  Corp . 36 

Empirix  Inc . 8 


EqualLogic  Inc . 

Ernst  &  Young  LLP . 

. 38 

Estes  Express  Lines  Inc . 

. 31 

F.  A.  Richard  &  Associates  Inc . 

. 27 

Federal  Trade  Commission . 

. 8 

Forrester  Research  Inc . 

...23,26 

Gartner  Inc . 

...23,40 

Globus  Alliance . 

. 12 

Google  Inc . 

Hancock  Bank . 

. 26 

Hard  Rock  Hotel  &  Casino . 

. 34 

Henley-Putnam  University . 

. 10 

Hewlett-Packard  Co . 

. 10 

Hongkong  Telecom . 

. 10 

IBM . 

Illuminata  Inc . 

Insight  64 . 

International  Information  Systems 

Security  Certification  Consortium . 

. 40 

ISTA  Pharmaceuticals  Inc . 

. 36 

Marathon  Technologies  Corp . 

. 18 

Marriott  International  Inc . 

. 32 

Martha  Stewart  Living  Omnimedia  Inc. 

. 44 

MessageOne  Inc . . . 

Metropolitan  Police  Service 

. 32 

Computer  Crime  Unit . 

. 10 

Microsoft  Corp . 

.  6,16,19 

Motorola  Inc . 

Mozilla  Corp . 

National  Cancer  Institute . 

. 12 

National  Institutes  of  Health . 

. 14 

National  Notification  Network  LLC . . . 

. 38 

NCR  Corp . . . 

Northwestern  University . 

. 14 

Novell  Inc . 

Office  of  the  National  Coordinator  for 

Health  information  Technology . 

. 14 

Oracle  Corp . 6.8,35,38 

Owens-Illinois  Inc . . . 37 

PA  Consulting  Group  Ltd . 10 

PayPal  Inc . 19 

Pearson  Vue . 40 

Protiviti  Inc . 23 

R&H  Security  Consulting  LLC . 19 

Reed  Elsevier  PLC . 8 

Robert  H.  Lurie  Comprehensive 

Cancer  Center . 14 

RPostU.S.Inc . 18 

SAP  AG . 8 

Share . 37 

Sprint  Nextel  Corp . 27 

Strohl  Systems  Group  Inc . 36 

Sun  Microsystems  Inc . 6,8 

SunGard  Availability  Services  LP . 30 

SunGard  Data  Systems  Inc . 30 

Sutherland  Asbill  &  Brennan  LLP . 16 

Symantec  Corp . 6 

SystemExperts  Corp . 23 ' 

Tata  Consultancy  Services  Ltd . 16 

Tauck  World  Discovery . 37 

The  Boeing  Co . 10 

TheNierenberg  Group  Inc . 40 

The  TJX  Companies  Inc . 8 

The  Western  Union  Co . 27 

Tulane  University . 30 

U.K.  Association  of  Chief  Police  Officers . 10 

U.K.  Home  Office . 10 

U.S.  Air  Force . 19 

U.S.  Citizenship  and  Immigration  Services. ...  16 

U.S.  Department  of  Defense . 14 

U.S.  Department  of  Homeland  Security . 27 

U.S.  Tennis  Association . 37 

VMware  Inc . 18, 26 

Wasie  Management  Inc . .8 

Wipro  Ltd . |6 


Akamai . 9 

www.akamai.com/10years 

CDW  Corporation . 15 

CDW.com 

Dell . C4 

dell.com/efficiency 

Hewlett-Packard  Software . C2 

hp.com/go/servicemanagement 

Hewlett-Packard  Storage . 39 

hp.com/go/virtualstorage6 


InterSystems . C3 

lnterSystems.com/Free14A 

Juniper  Networks . 7 

www.  juniper,  net/connected 

Kodak . 35 

kodak.com/go/tuff 

Liebert . 13 

energy.liebert.com 

LTO  Ultrium . 33 

www.trustlto.com 

Microsoft  System  Center . 2 

DesignedForBig.com 

NEC . 11 

www.necus.com/necip 

Storage  Networking  World . 43 

www.snwusa.com 

Sun  Microsystems . 17 

sun.com/openstorage 


This  index  is  provided  as  an  additional  service.  The  publisher 
does  not  assume  any  liability  for  errors  or  omissions. 


abm 


COMPUTERWORLD  SNIA 
STORAGE  NETWORKING  WORLD 

Best  Practices 

IN  STORAGE 


AWARDS  PROGRAM 


AWARDS  PROGRAM  EXCLUSIVELY  SPONSORED  BY: 

HITACHI 

Inspire  the  Next 


Congratulations 

to  Our  Finalists! 

The  SNW  "Best  Practices  in  Storage"  Award 
Recipients  will  Be  Honored  Wednesday,  April  9th 
at  Storage  Networking  World  in  Orlando. 

Storage  Networking  World  (SNW),  in  conjunction  with  Computerworld  and  the  Storage  Networking 
Industry  Association  (SNIA),  proudly  presents  the  11th  SNW  "Best  Practices  in  Storage"  Awards 
Program.  This  program  honors  IT  user  "best  practice"  case  studies  selected  from  a  field  of 
qualified  finalists. 


Thank  you  to  our  "Best  Practices 
in  Storage"  Judges  for  SNW 
Spring  2008: 

•  Peter  Amstutz,  Defense  Contract  Management 

•  Andres  Carvallo,  Austin  Energy 

•  Scott  Dennull,  CareSoure 

•  Brian  Fonseca,  Computerworld 

•  Dale  Frantz,  Auto  Warehousing  Company 

•  Noemi  Greyzdorf,  IDC 

•  Julia  King,  Computerworld 

•  William  Kramer,  NERSC 

•  Richie  Lary,  Lary.com 

•  Lucas  Mearian,  Computerworld 

•  Ron  Milton,  Computerworld 

•  Mark  O'Gara,  Highmark,  Inc. 

•  Arun  Taneja,  Taneja  Group 

•  Mark  Showers,  Monsanto  Company 

•  Jim  Swartz,  Sybase,  Inc. 

•  John  Webster,  llluminata,  Inc. 

•  Ben  Woo,  IDC 


Program  Judges'  Criteria 

Judges  evaluated  and  ranked  the  finalists  in  each  category  according 

to  their  substantiated  storage  networking  solution  attributes  and 

achievements  against  a  set  of  criteria  such  as: 

•  Financial  return  and  measurable  payback  (returns  on  investment, 
assets,  resources)  through  created/protected  revenue  opportunities  or 
cost  savings. 

•  Strategic  importance  to  the  business. 

•  Substantive  customer  impact  (service,  retention,  acquisition). 

•  Positive  impact  on  other  business/organization  units. 

•  Addresses  system  and  department  interoperability  issues  and 
heterogeneous  platform  integration  challenges. 


anticipating  and ; 

networking  solution  initiatives.  | 

•  Supports  the  efficient  and  reliable  data,  infcripation  and  application 
sharing/access  between  personnel,  departments,  divisions,  etc. 

►  Addresses  challenges  of  data,  information  and  application  security, 
ecovery, busghess' continuity. efthA  '  0*  :  : 


Finalists  in  each  of  the  following  categories  are: 

Innovation  and  Promise 


•  Fleet  Management  Limited,  Wanchai,  Hong  Kong 

•  Livermore  Computing,  Livermore,  California 

•  Sprint  Nextel,  Overland  Park,  Kansas 

•  Tucson  Electric  Power,  Tucson,  Arizona 

•  University  of  North  Texas,  Denton,  Texas 

Planning,  Designing  and  Building  a  Strategic  Storage  Infrastructure 

•  3ality  Digital,  Burbank,  California 

•  British  Columbia  Interior  Health  Authority,  Kelowna,  British  Columbia 

•  General  Motors  Corporation,  Warren,  Michigan 

•  Infosys  Technologies  Limited,  Bangalore,  India 

•  VaultLogix,  LLC,  Ipswich,  Massachusetts 


Selecting  and  Deploying  Storage  Networks 


: 


mp 


ifif 


ICICI  Bank  Limited,  Mumbai,  India 
Microsoft  Studios,  Redmond,  Washington 

NASCAR  Media  Group,  a  full-service  production  company  and  broadcast 
division  of  NASCAR,  Charlotte,  North  Carolina 
Rockford  Construction  Company,  Inc.,  Grand  Rapids,  Michigan 


The  University  of  Maryland,  College  Park 

■  0  ■  -  v .  .  > 


jnd  Data  RecL_, 

-  '  ■■■■  1  " _ _ _  '  :  * 


aig|Rg§i 
jjftiiiplp 


. 


•  Gaston  County,  Gastonia,  North  Carolina 

•  Management  Council  -  Ohio  Education  Computer  Network,  Archbold,  Ohio 

•  New  York  Independent  System  Operator,  Rensselaer,  New  York 


Safeguard  Properties,  LLC,  Brooklyn  Heights,  Ohio 
Tucson  Electric  Power,  Tucson,  Arizona 


■  v:;  ;; ; 


■  FRANKLY  SPEAKiNG 

Frank  Hayes 

Beating  the  Net 

YOU  CAN  BEAT  Internet  sabotage.  Martha  Stewart 
Living  Omnimedia  did.  Several  weeks  back,  I  men¬ 
tioned  a  2006  incident  in  which  Con  Edison  Com¬ 
munications  “accidentally  hijacked  Internet  con¬ 
nections  to  investment  houses,  a  bank,  Martha  Stewart’s 
publishing  empire  and  the  New  York  Daily  News .”  I  implied 
that  Martha  Stewart  was  knocked  offline.  I  was  wrong. 


Here’s  what  actually 
!  happened:  Just  after  mid- 
|  night  on  Jan.  22, 2006, 
l  Con  Edison  began  telling 
s  the  Internet  that  it  was 
J  Martha  Stewart.  That 
.  is,  Con  Edison  errone- 
|  ously  began  sending  out 
\  routing  information  to 

*  redirect  Internet  traf- 

I 

*  fic  intended  for  Martha 
\  Stewart  Living  Omni- 

*  media  to  its  own  servers. 

The  publishing  com- 
\  pany  was  a  Con  Edison 
;  customer.  So  were  other 
!  businesses  and  Internet 
j  providers  whose  routing 
\  information  Con  Edison 
;  hijacked  at  the  same  time. 
J  The  result  was  a  mess 
!  that  wasn’t  completely 
j  cleared  up  for  18  hours 
J  —  and  some  businesses 
<  were  offline  for  most  of 
;  that  time. 

But  not  Martha  Stew- 
>  art,  whose  CIO,  Mike 
!  Plonski,  wrote  to  me  to 
!  clarify  what  happened  at 
J  his  company. 

Plonski’s  secret  sauce? 

No  big  secret  —  just 


network  monitoring  and 
redundancy. 

Plonski  said:  “While 
one  of  the  Internet  con¬ 
nections  at  our  corporate 
offices  was  impacted  by 
the  ConEd  issue  you  de¬ 
scribe,  we,  as  a  company, 
are  smart  enough  to  have 
employed  redundancy, 
both  by  location  and 
carrier,  for  our  network 
operations.  As  a  result, 
during  this  time  frame, 
we  simply  flipped  all  of 
our  Internet  traffic  to  run 
over  our  secondary  line 
until  ConEd  resolved 
their  issue.” 

OK,  it  was  a  little  more 
complicated  than  that. 
Plonski  said  his  staff  spot¬ 
ted  the  problem  through 
routine  network  monitor¬ 
ing.  There  was  clearly 

II  It  didn't  require 
rocket  science 
_  -  just  monitoring, 

!  redundancy  and 
!  sharp  IT  staff 
i  work. 


something  wrong  with 
network  traffic  coming 
to  the  corporate  office 
over  the  Con  Edison  line. 
Thanks  to  the  monitoring, 
the  company  knew  about 
the  problem  about  30 
minutes  after  it  started. 

Because  of  the  type  of 
outage,  an  IT  staffer  had 
to  connect  and  manually 
switch  over  to  a  redun¬ 
dant  line.  That  took  an¬ 
other  hour. 

Total  time  for  the  out¬ 
age:  about  90  minutes 
in  the  wee  hours  of  a 
Sunday  morning.  Total 
impact:  minimal. 

An  outage?  Yes.  A 
knockout?  No  way. 

And  handling  the  prob¬ 
lem  didn’t  require  rocket 
science  —  just  monitor¬ 
ing,  redundancy  and 
sharp  IT  staff  work. 

That’s  important, 
because  today  your  busi¬ 
ness  runs  on  the  Internet 
to  at  least  some  degree. 
With  outsourcing,  in¬ 
creasingly  automated 
supply  chains  and  soft¬ 


ware  as  a  service,  your 
business  operations  will 
soon  be  depending  on  the 
Internet  more  and  more. 

But  while  you’ve  sold 
the  Internet  to  your 
management  as  a  great 
platform  for  business,  in 
reality,  it’s  . . .  well,  shaky. 
What  you  want  —  and 
need  —  is  stability.  What 
you’ve  got  is  a  global  net¬ 
work  in  which  backhoes 
and  boat  anchors  can  tear 
up  physical  connections 
at  any  moment  —  and 
hackers,  spammers  and 
censorship -happy  politi¬ 
cians  can  sabotage  it  just 
as  often. 

You  can’t  fix  the  In¬ 
ternet.  You  can’t  pre¬ 
vent  that  damage  and 
sabotage.  But  you  can  use 
monitoring  to  spot  minor 
bottlenecks  and  major 
attacks.  You  can  use  re¬ 
dundancy  to  guarantee 
there’s  a  path  to  the  Inter¬ 
net  even  when  your  usual 
route  is  cut  off.  You  can 
plan  and  react  to  reduce 
the  impact  of  an  outage 
to  a  fraction  of  what  it 
would  otherwise  be. 

You  can  do  this.  Like 
Martha  Stewart’s  IT 
shop,  you  really  can  beat 
Internet  sabotage. 

And  —  as  someone 
once  said  —  that’s  a  good 
thing.  ■ 

Frank  Hayes  is  Computer- 
world’s  senior  news 
columnist.  Contact  him 
at  frank_hayes@ 
computerworld.com. 


44  C0MPUTERW0RLD  MARCH  31,  2008 


Innovations  by  InterSystems 


Embed  competitive  advantages. 


To  make  database  applications  more  valuable,  embed  InterSystems  Cache®  -  the  object  database 
that  runs  SQL  faster  than  relational  databases  -  and  enjoy  higher  speed  and  scalability  while 
lowering  hardware  and  administration  requirements.  Or,  for  applications  that  have  to  link  with 
multiple  systems  and  processes,  embed  InterSystems  Ensemble®.  Your  applications  will  become 
connectable,  and  you’ll  be  able  to  rapidly  enhance 
them  with  a  rich  Web  interface,  adaptable  work- 
flow,  rules-based  business  processes,  and  other 
new  features  -  without  rewriting. 


InterSystems 

mm 


InterSystems  f 

CACHE 


® 


Make 

Applications 

More 

Valuable 


Download  a  free,  fully  functional  copy  of  Cache,  or  see  a  demonstration  of  Ensemble,  at  InterSystems.com/FreeI4A 


©  2007  InterSystems  Corporation.  All  rights  reserved.  InterSystems  Cache  and  InterSystems  Ensemble  arc  registered  trademarks  of  InterSystems  Corporation,  9  07  EmbcdComboH  CoWo 


it  -j&i&iJkiM 


DELL  M600  BLADE  SYSTEM 


ENERGY  EFFICIENCY 

HP  CANT  BEAT 


DELL.COM/Efficiency  or  call  866.212.9341 


Based  on  Principled  Technologies’  “SPECjbb2005  performance  and  power  consumption  on  Dell,  HP  and 
IBM  blade  servers”  December  2007  test  report  commissioned  by  Dell. 


